Cross site scripting

2018-01-1120:29:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.2%

JSON

Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.

CPENameOperatorVersion
vbdownloads_moduleeq1.3.2

CPE	Name	Operator	Version
	vbdownloads_module	eq	1.3.2

References

secunia.com/advisories/48522

www.dragonbyte-tech.com/f4/vbactivity-vbshout-forumon-rpg-vbdownloads-vbquiz-updates-security-releases-6876/

www.securityfocus.com/bid/52713

exchange.xforce.ibmcloud.com/vulnerabilities/74347