VBulletin Admin Control Panel Index.PHP Multiple Cross-Site Scripting Vulnerabilities

VBulletin Admin Control Panel Index.PHP Multiple Cross-Site Scripting Vulnerabilities

vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions 3.6.0 to 3.6.3 are vulnerable; other versions may also be affected.