Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16236
HistoryMar 02, 2007 - 12:00 a.m.

vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

2007-03-0200:00:00
vulners.com
31

vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed .

exactlly in add rss url

by adding : "><script>alert(document.cookie);</script>

a cool messege box appear with cookies ;)

earlier versions affected also .

Discovered by meto5757