VULHUB ™

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems. vBulletin includes functionality to allow forum users to post images in messages. To post an image, a user simply includes a link to the image inside of [img] tags. However, vBulletin does not adequately filter script code from image tags, making it prone to cross-agent scripting attacks. Additionally, it has been reported that script code is not filtered from other tags, such as [url], [email], etc. It is not known whether vBulletin Lite is also affected by this vulnerability.

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems. vBulletin includes functionality to allow forum users to post images in messages. To post an image, a user simply includes a link to the image inside of [img] tags. However, vBulletin does not adequately filter script code from image tags, making it prone to cross-agent scripting attacks. Additionally, it has been reported that script code is not filtered from other tags, such as [url], [email], etc. It is not known whether vBulletin Lite is also affected by this vulnerability.