CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

EUVD-2018-4540

Malware in sbrugna...

DragonByte vBSecurity for vBulletin Cross-Site Scripting Vulnerability

DragonByte vBSecurity for vBulletin is a suite of vBulletin-based security protection software for web sites from DragonByte Technologies, Scotland. The software monitors configuration file changes, user logins, and alerts you when your website's security is threatened. A cross-site scripting...

CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

Design/Logic Flaw

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

CVE-2018-12580

CVE-2018-12580 affects DragonByte vBSecurity 3.x up to 3.3.0 for vBulletin 3/4. The issue is a self-XSS in the Login Sessions feature caused by untrusted input in the session field $session['user_agent'], enabling an attacker to inject script/HTML. The Red Hat entry and CNVD/NVD records corrobora...