JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scripting Vulnerabilities

An exploit is not required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/admincp/index.php?vb_login_username=[XSS]
http://www.example.com/modcp/index.php?vb_login_username=[XSS]