CVE-2003-0295 — MEDIUM (6.8)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Jelsoft	Vbulletin	3.0.0_beta_2

References

http://marc.info/?l=bugtraq&m=105292832607981&w=2
http://marc.info/?l=bugtraq&m=105293890422210&w=2
http://marc.info/?l=bugtraq&m=105292832607981&w=2
http://marc.info/?l=bugtraq&m=105293890422210&w=2

FAQ

What is CVE-2003-0295?

CVE-2003-0295 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

How severe is CVE-2003-0295?

CVE-2003-0295 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0295?

Check the references section above for vendor advisories and patch information. Affected products include: Jelsoft Vbulletin.