|
Description
|
|
A vulnerability has been reported in vBQuiz module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via the "quiz_name" parameter to dbtech/vbquiz/includes/class_profileblock.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
|
