Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote malicious users to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jelsoft vbulletin 3.0.12 |
||
jelsoft vbulletin 3.5.3 |