CVE-2011-5251

Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
vbulletinvbulletin
𝑥
≤ 4.1.3
vbulletinvbulletin
4.0.0
vbulletinvbulletin
4.0.1
vbulletinvbulletin
4.0.2
vbulletinvbulletin
4.0.3
vbulletinvbulletin
4.0.4
vbulletinvbulletin
4.0.5
vbulletinvbulletin
4.0.6
vbulletinvbulletin
4.0.7
vbulletinvbulletin
4.0.8
vbulletinvbulletin
4.1
vbulletinvbulletin
4.1.1
vbulletinvbulletin
4.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441
http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441