1 min read

XSS Vulnerability in DragonByte vBSecurity 3.x through 3.3.0

XSS Vulnerability in DragonByte vBSecurity 3.x through 3.3.0
Photo by Richard Horvath / Unsplash

Cross-site scripting (XSS) vulnerability in /library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows remote attackers to inject arbitrary web script or HTML via a crafted user agent string$session['user_agent'] in the "Login Sessions" feature.

vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Source: https://www.dragonbyte-tech.com/store/vbsecurity.123/
NVD - CVE-2018-12580