vBulletin version 3.0.1 newreply.php XSS

Google dork Description: vBulletin version 3.0.1 newreply.php XSS
Google search: "Powered by: vBulletin * 3.0.1" inurl:newreply.php
Submited: 2004-07-02
vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/.