JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided.

http://www.example.com/private.php?&action=newmessage&userid=[UID]&forward=[XSS]