source: http://www.securityfocus.com/bid/6226/infovBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. |
As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin. |