The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.
5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723
phpFoX could allow a malicious person to log in as any user by editing their cookie.
eeb50c5357012c97138995cc8bee7e00955024516aa814216834b45304cb7f8c