original advisories: http://www.kapda.ir/advisory-266.html http://myimei.com/security/2006-02-19/vbulletin3012353s_valid_emailxss-attack.html KAPDA New advisory Software: vBulletin Vendor: http://www.vBulletin.com Versions: 3.0.12-3.5.3 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Medium -------Description------- There is a security bug in most powerfull & common forum software vBulletin version 3.0.12&3.5.3 that allows attacker performe a XSS attack. -------Credit------- Discovered by: imei addmimistrator addmimistrator(4}gmail(O}com kapda(4}kapda(0)ir http://www.myimei.com http://myimei.com/security KAPDA - Computer Security Science Researchers Institute http://www.KAPDA.ir
