Source: http://www.securityfocus.com/bid/6337/info
Problems with vBulletin could make it possible for an attacker to inject arbitrary HTML in vBulletin forum messages.