Skip to main content

vBulletin CVE-2026-9357

| EUVD-2026-31572 LOW
Cross-site Scripting (XSS) (CWE-79)
2026-05-24 VulDB GHSA-8rjw-7777-4jwx
XSS
2.0
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
CVSS changed
May 26, 2026 - 20:07 NVD
3.5 (LOW) 2.0 (LOW)
Analysis Generated
May 24, 2026 - 06:45 vuln.today

DescriptionNVD

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended redistribution of exploit details to prevent simplified exploitation. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stored or reflected cross-site scripting in vBulletin 6.x login component allows authenticated users with low privileges to inject malicious scripts that execute when other users interact with the manipulated login function. Public proof-of-concept exists (CVSS E:P) but detailed exploitation steps are being withheld by VulDB. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-9357 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy