exploitDog

GHSA-896r-j9rp-2fjq

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.

Ссылки

EPSS

Процентиль: 50%

0.00272

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-6670

CVSS3: 6.1

nvd

около 8 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.

EPSS

Процентиль: 50%

0.00272

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79