CVE-2012-6670
Summary
| CVE | CVE-2012-6670 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-11 20:29:00 UTC |
| Updated | 2018-01-31 14:38:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dragonbyte-tech | Vbactivity Module | All | All | All | All |
| Application | Dragonbyte-tech | Vbactivity Module | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| vBActivity / vBShout / Forumon RPG / vBDownloads / vBQuiz Updates (Security Releases) | CONFIRM | www.dragonbyte-tech.com | Patch, Vendor Advisory |
| Security Advisory SA48490 - vBulletin vbActivity Module "reason" Script Insertion Vulnerabilities - Secunia | SECUNIA | secunia.com | Permissions Required |
| vBulletin vbActivity Pro module 'reason' parameter Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.