Unrated severity · NVD Advisory · Published Jan 11, 2018 · Updated Aug 6, 2024

CVE-2012-6682

Description

Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"The application does not properly sanitize user-supplied input in the mirrors[] parameter, allowing for the injection of arbitrary web script or HTML."

Attack vector

A remote attacker can inject arbitrary web script or HTML by sending a crafted request to the `downloads/actions/editdownload.php` script. The vulnerability lies in the handling of the `mirrors[]` parameter, which is not properly escaped before being rendered in the HTML output. This allows an attacker to execute malicious scripts in the context of a victim's browser session [ref_id=1].

Affected code

The vulnerability exists in the `downloads/actions/editdownload.php` file within the DragonByte Technologies vBDownloads module. Specifically, the code responsible for handling the `mirrors[]` parameter does not properly sanitize the input before outputting it to the HTML page [ref_id=1].

What the fix does

The patch addresses the vulnerability by applying the `htmlspecialchars_uni()` function to the `mirror` variable before it is included in the HTML output. This function properly escapes special characters, preventing them from being interpreted as HTML or script code. The advisory indicates that this change prevents the cross-site scripting vulnerability in the `editdownload.php` file [ref_id=1].
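The escaping change described above, as an added example that is not taken from vBDownloads or its patch. The form markup, the function names `render_mirrors_unescaped` and `render_mirrors_escaped`, and the sample values are hypothetical, and the `htmlspecialchars_uni()` stand-in only approximates vBulletin's function so the file runs on its own.

```php
<?php
// Added example, not vBDownloads source. Markup and helper names are hypothetical.

// Stand-in so this file runs outside vBulletin, which defines htmlspecialchars_uni().
// Assumption: it approximates the real function; exact entity handling may differ.
if (!function_exists('htmlspecialchars_uni')) {
    function htmlspecialchars_uni($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// "Before": each mirror value is copied into the attribute exactly as received.
function render_mirrors_unescaped(array $mirrors) {
    $html = '';
    foreach ($mirrors as $mirror) {
        $html .= '<input type="text" name="mirrors[]" value="' . $mirror . '" />' . "\n";
    }
    return $html;
}

// "After": drop non-string entries, then escape at the point of output.
function render_mirrors_escaped(array $mirrors) {
    $html = '';
    foreach ($mirrors as $mirror) {
        if (!is_string($mirror)) {
            continue; // a request with mirrors[][]=x arrives as a nested array
        }
        $html .= '<input type="text" name="mirrors[]" value="'
               . htmlspecialchars_uni($mirror) . '" />' . "\n";
    }
    return $html;
}

// Constructed sample input, shaped like $_POST['mirrors'].
$mirrors = array(
    'https://mirror.example/file.zip',
    '"><i>probe</i>',   // benign markup probe: closes the attribute if unescaped
    array('nested'),    // non-string entry
);

echo "unescaped:\n", render_mirrors_unescaped(array_filter($mirrors, 'is_string'));
echo "escaped:\n", render_mirrors_escaped($mirrors);

// Regression check: the probe must not survive as live markup.
if (strpos(render_mirrors_escaped($mirrors), '<i>') !== false) {
    fwrite(STDERR, "FAIL: mirror value rendered unescaped\n");
    exit(1);
}
```

In the escaped output the probe appears as `&quot;&gt;&lt;i&gt;probe&lt;/i&gt;` inside the `value` attribute, so the browser treats it as text rather than as a new element.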

Preconditions

  • input: The `mirrors[]` parameter must be present in the request.

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
