CVE-2012-6671

Multiple cross-site scripting XSS vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the 1 monstertitle or 2 monsterdescription parameters...