{"api_version":"1","generated_at":"2026-05-07T02:31:24+00:00","cve":"CVE-2012-6670","urls":{"html":"https://cve.report/CVE-2012-6670","api":"https://cve.report/api/cve/CVE-2012-6670.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-6670","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-6670"},"summary":{"title":"CVE-2012-6670","description":"Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-01-11 20:29:00","updated_at":"2018-01-31 14:38:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","name":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"vBActivity / vBShout / Forumon RPG / vBDownloads / vBQuiz Updates (Security Releases)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/48490","name":"48490","refsource":"SECUNIA","tags":["Permissions Required"],"title":"Security Advisory SA48490 - vBulletin vbActivity Module "reason" Script Insertion Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/52711","name":"52711","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"vBulletin vbActivity Pro module 'reason' parameter Multiple HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74346","name":"vbulletin-vbactivity-reason-xss(74346)","refsource":"XF","tags":["VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-6670","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6670","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"6670","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dragonbyte-tech","cpe5":"vbactivity_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vbulletin","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6670","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dragonbyte-tech","cpe5":"vbactivity_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vbulletin","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-6670","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"48490","refsource":"SECUNIA","url":"http://secunia.com/advisories/48490"},{"name":"52711","refsource":"BID","url":"http://www.securityfocus.com/bid/52711"},{"name":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/","refsource":"CONFIRM","url":"http://www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/"},{"name":"vbulletin-vbactivity-reason-xss(74346)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74346"}]}},"nvd":{"publishedDate":"2018-01-11 20:29:00","lastModifiedDate":"2018-01-31 14:38:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dragonbyte-tech:vbactivity_module:*:*:*:*:*:vbulletin:*:*","versionEndExcluding":"3.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"6670","Ordinal":"76371","Title":"CVE-2012-6670","CVE":"CVE-2012-6670","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"6670","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"6670","Ordinal":"2","NoteData":"2018-01-11","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"6670","Ordinal":"3","NoteData":"2018-01-11","Type":"Other","Title":"Modified"}]}}}