{"api_version":"1","generated_at":"2026-05-07T02:31:24+00:00","cve":"CVE-2012-6668","urls":{"html":"https://cve.report/CVE-2012-6668","api":"https://cve.report/api/cve/CVE-2012-6668.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-6668","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-6668"},"summary":{"title":"CVE-2012-6668","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-01-11 20:29:00","updated_at":"2018-01-31 14:35:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","name":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"vBActivity / vBShout / Forumon RPG / vBDownloads / vBQuiz Updates (Security Releases)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74345","name":"vbulletin-vbshout-multiple-xss(74345)","refsource":"XF","tags":["VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/52715","name":"52715","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"vBShout 'Shoutbox Search Archive' Multiple HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/48519","name":"48519","refsource":"SECUNIA","tags":["Permissions Required"],"title":"Security Advisory SA48519 - vBulletin vbShout Module Cross-Site Scripting and Script Insertion Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-6668","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6668","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"6668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dragonbyte-tech","cpe5":"vbshout_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vbulletin","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6668","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dragonbyte-tech","cpe5":"vbshout_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vbulletin","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-6668","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","refsource":"CONFIRM","url":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/"},{"name":"52715","refsource":"BID","url":"http://www.securityfocus.com/bid/52715"},{"name":"48519","refsource":"SECUNIA","url":"http://secunia.com/advisories/48519"},{"name":"vbulletin-vbshout-multiple-xss(74345)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74345"}]}},"nvd":{"publishedDate":"2018-01-11 20:29:00","lastModifiedDate":"2018-01-31 14:35:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dragonbyte-tech:vbshout_module:*:*:*:*:*:vbulletin:*:*","versionEndExcluding":"6.0.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"6668","Ordinal":"76369","Title":"CVE-2012-6668","CVE":"CVE-2012-6668","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"6668","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"6668","Ordinal":"2","NoteData":"2018-01-11","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"6668","Ordinal":"3","NoteData":"2018-01-11","Type":"Other","Title":"Modified"}]}}}