CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities
Product: vBulletin Forum
Vendor: vBulletin
Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4
Tested Version: 5.1.3 4.2.2
Advisory Publication: Feb 12, 2015
Latest Update: Feb 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore] (@justqdjing)


Advisory Details:


(1) Vendor & Product Description:




Product & Version:
vBulletin Forum
5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4


Vendor URL & Download:
vBulletin can be downloaded from here,


Product Introduction:
“vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server.”
“Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.”


(2) Vulnerability Details:
vBulletin has a security problem. It can be exploited by XSS attacks.


(2.1) The vulnerability occurs at “forum/help” page. Add “hash symbol” first. Then add script at the end of it.