Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vbulletin vbulletin 3.7.1 |
||
vbulletin vbulletin 3.6.10 |