{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9357", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-23T09:39:47.115Z", "datePublished": "2026-05-24T05:15:09.701Z", "dateUpdated": "2026-05-24T05:15:09.701Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-24T05:15:09.701Z"}, "title": "vBulletin Login cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "n/a", "product": "vBulletin", "versions": [{"version": "6.*", "status": "affected"}], "cpes": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "modules": ["Login"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended redistribution of exploit details to prevent simplified exploitation. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-05-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-23T11:44:56.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "chor4o (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/365320", "name": "VDB-365320 | vBulletin Login cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/365320/cti", "name": "VDB-365320 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/813052", "name": "Submit #813052 | Cross Site Scripting no f\u00f3rum vBulletin 6.xx Vbulletin 6.x.x Cross Site Scripting", "tags": ["third-party-advisory"]}]}}}

{}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.0.0,7.0.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "vBulletin", "source": "cna", "vendor": "n/a"}, "product": "vbulletin", "vendor": "vbulletin"}], "created": "2026-05-24T07:30:15.891246+00:00", "updated": "2026-05-24T08:00:10.504322+00:00", "vendors": ["vbulletin", "vbulletin$PRODUCT$vbulletin"]}