Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module prior to 6.0.6 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dragonbyte-tech vbshout module |