CVE-2012-6668
Summary
| CVE | CVE-2012-6668 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-11 20:29:00 UTC |
| Updated | 2018-01-31 14:35:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dragonbyte-tech | Vbshout Module | All | All | All | All |
| Application | Dragonbyte-tech | Vbshout Module | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| vBActivity / vBShout / Forumon RPG / vBDownloads / vBQuiz Updates (Security Releases) | CONFIRM | www.dragonbyte-tech.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry |
| vBShout 'Shoutbox Search Archive' Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Security Advisory SA48519 - vBulletin vbShout Module Cross-Site Scripting and Script Insertion Vulnerabilities - Secunia | SECUNIA | secunia.com | Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.