XSS Vulnerability in DragonByte vBSecurity 3.x through 3.3.0
Cross-site scripting (XSS) vulnerability in /library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows remote attackers to inject arbitrary web script or HTML via a crafted user agent string$session['user_agent'] in the "Login Sessions" feature.
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.
Source: https://www.dragonbyte-tech.com/store/vbsecurity.123/
Member discussion