cpe:/a:jelsoft:vbulletin:2.0 cpe:/a:jelsoft:vbulletin:2.0.1 cpe:/a:jelsoft:vbulletin:2.0.2 cpe:/a:jelsoft:vbulletin:2.2.0 cpe:/a:jelsoft:vbulletin:2.2.1 cpe:/a:jelsoft:vbulletin:2.2.2 cpe:/a:jelsoft:vbulletin:2.2.3 cpe:/a:jelsoft:vbulletin:2.2.4 cpe:/a:jelsoft:vbulletin:2.2.5 cpe:/a:jelsoft:vbulletin:2.2.6 cpe:/a:jelsoft:vbulletin:2.2.7 cpe:/a:jelsoft:vbulletin:2.2.8 cpe:/a:jelsoft:vbulletin:2.2.9 cpe:/a:jelsoft:vbulletin:2.2.9_can CVE-2002-2235 2002-12-31T00:00:00.000-05:00 2008-09-05T16:32:41.337-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-12-19T10:58:00.000-05:00 BUGTRAQ 20021123 vBulletin XSS Injection Vulnerability SREASON 3229 BID 6246 XF vbulletin-member2-perpage-xss(10701) member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.