vBulletin version 3.6.5 suffers from a cross site scripting flaw in its RSS feed functionality.
c6cc1fe24c95c249c717bdd415beea89cc8f598c702ed7297a4e2af04fd83ada
vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed .
exactlly in add rss url
by adding : "><script>alert(document.cookie);</script>
a cool messege box appear with cookies ;)
earlier versions affected also .
-----------------------------------------------------------------------------
Discovered by meto5757
-----------------------------------------------------------------------------