Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jelsoft | Vbulletin | 3.6.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/35152
- http://secunia.com/advisories/24085Vendor Advisory
- http://www.securityfocus.com/archive/1/459289/100/0/threaded
- http://www.securityfocus.com/archive/1/459367/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32268
- http://osvdb.org/35152
- http://secunia.com/advisories/24085Vendor Advisory
- http://www.securityfocus.com/archive/1/459289/100/0/threaded
- http://www.securityfocus.com/archive/1/459367/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32268
FAQ
What is CVE-2007-0830?
CVE-2007-0830 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via...
How severe is CVE-2007-0830?
CVE-2007-0830 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0830?
Check the references section above for vendor advisories and patch information. Affected products include: Jelsoft Vbulletin.