A vulnerability has been found in vBulletin 5.6.3 from security researchers.
vBulletin™ is the world leader in forum and community publishing software. Customers have created vibrant communities for over 10 years on vBulletin’s stable and mature platform. Developed with security, powerful administration features and speed in mind, it serves over 40,000 online communities.
This vulnerability affects some unknown functionality of the component Admin CP. he manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79 .
As an impact it is known to affect integrity. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
The weakness was presented 09/03/2020. This vulnerability was named CVE-2020-25123 since 09/03/2020. The attack can be initiated remotely. A single authentication is required for exploitation. There are neither technical details nor an exploit publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.