|
vBulletin '$newpm[title]' Parameter Cross-Site Scripting Vulnerability
An attacker can exploit this issue by tricking an unsuspecting user into opening a malicious private message. The follwing proof-of-concept code will execute when included in the title of a private message: --></script><script>alert(/xss/.source)</script><!-- |
|
|
Privacy Statement |