CVE Record: CVE-2012-6670

Required CVE Record Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.

Product Status

Learn more

Information not provided

References 4 Total

secunia.com: 48490
external site
third-party-advisory
securityfocus.com: 52711
external site
vdb-entry
http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/
external site
exchange.xforce.ibmcloud.com: vbulletin-vbactivity-reason-xss(74346)
external site
vdb-entry

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 4 Total

secunia.com: 48490
external site
third-party-advisoryx_transferred
securityfocus.com: 52711
external site
vdb-entryx_transferred
http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/
external site
x_transferred
exchange.xforce.ibmcloud.com: vbulletin-vbactivity-reason-xss(74346)
external site
vdb-entryx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 4 Total

CVE Program

References 4 Total