|Google Dork Description: vBulletin version 3.0.1 newreply.php XSS||GHDB-ID: 306|
|Google Search: "Powered by: vBulletin * 3.0.1" inurl:newreply.php||EDB-ID: N/A|
vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/.