The document describes multiple XSS vulnerabilities in vBulletin versions 3.0.0 to 3.5.4, including examples of malicious scripts injected via URL parameters. It provides technical details on how the vulnerabilities can be exploited but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:vBulletin 3.0.0 to 3.5.4
No auth needed
Prerequisites:Access to a vulnerable vBulletin instance