Vbulletin · Vbulletin 4 · CVE-2018-12580
**Name of the Vulnerable Software and Affected Versions**
DragonByte vBSecurity versions 3.x through 3.3.0 for vBulletin 3 and vBulletin 4
**Description**
The issue allows self-XSS via the `user agent` variable in the "Login Sessions" feature. This occurs in the `library/DBTech/Security/Action/Sessions.php` file.
**Recommendations**
For DragonByte vBSecurity versions 3.x through 3.3.0, consider restricting access to the "Login Sessions" feature until a fix is available. As a temporary workaround, avoid using the `user agent` variable in the affected feature to minimize the risk of exploitation.
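The underlying defect class is a request header echoed into an HTML page without output encoding. The following is an added example, not vBSecurity's own code: it shows a session list that encodes the stored user agent at render time. The function names (`normalize_user_agent`, `h`, `render_session_row`) and the sample sessions are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not taken from vBSecurity.

/** Normalise a User-Agent header before it is stored with the session. */
function normalize_user_agent(?string $ua, int $maxLen = 255): string
{
    $ua = $ua ?? '';
    // Drop control characters (CR/LF, NUL, etc.) that have no place in a UA string.
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua) ?? '';
    return substr($ua, 0, $maxLen);
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row of a login-sessions table; every field is encoded at output. */
function render_session_row(array $session): string
{
    return sprintf(
        "<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n",
        h($session['ip']),
        h(date('Y-m-d H:i', $session['time'])),
        h($session['user_agent'])
    );
}

// Constructed sample sessions; the second carries HTML markup in the header.
$sessions = [
    ['ip' => '192.0.2.10', 'time' => 1529400000, 'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    ['ip' => '192.0.2.11', 'time' => 1529403600, 'user_agent' => "Mozilla/5.0 <b>markup</b>\r\n"],
];

echo "<table>\n";
foreach ($sessions as $s) {
    $s['user_agent'] = normalize_user_agent($s['user_agent']);
    echo render_session_row($s);
}
echo "</table>\n";
```

The second row is emitted with `&lt;b&gt;markup&lt;/b&gt;` in the user agent cell, so the browser displays the header value as text instead of parsing it as markup.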