Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin prior to 3.0 allows remote malicious users to inject arbitrary web script or HTML via the what parameter to memberlist.php.
source: wwwsecurityfocuscom/bid/6226/info
vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks
As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website r ...