漏洞描述
DragonByte Technologies vBShout for vBulletin是苏格兰DragonByte Technologies公司的一款用于vBulletin(开源商业Web论坛程序)的具有发帖与回帖功能的模块。 DragonByte Technologies vBShout for vBulletin中的vbshout.php文件存在跨站脚本漏洞。远程攻击者可借助‘shout’参数利用该漏洞注入任意的Web脚本或HTML。
DragonByte Technologies vBShout for vBulletin 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2019-16759: vBulletin v5.0.0-v5.5.4 Remote Command Execution
- Network Technologies Inc ENVIROMUX存在默认口令
- POC CVE-2016-6195: vBulletin <= 4.2.3 - SQL Injection
- POC CVE-2018-6200: vBulletin - Open Redirect
- POC CVE-2019-16759: vBulletin 5.0.0-5.5.4 - Remote Command Execution
- POC CVE-2020-12720: vBulletin SQL Injection
- POC CVE-2020-17496: vBulletin 5.5.4 - 5.6.2- Remote Command Execution
- POC CVE-2021-30049: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
- POC CVE-2023-25135: vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution
- POC CVE-2025-48827: vBulletin 5.0.0-6.0.3 - Authentication Bypass
- POC CVE-2025-48828: vBulletin replaceAdTemplate - Remote Code Execution
- POC enviromuux-default-login: Network Technologies Inc ENVIROMUX - Default Login
- POC vbulletin-ajaxreg-sqli: vBulletin 3.x / 4.x AjaxReg - SQL Injection