vBulletin 2.0.x/2.2.x members2.php Cross Site Scripting Vulnerability

source: http://www.securityfocus.com/bid/6246/info

Due to insufficient sanitization of user supplied values, it is possible to exploit a vulnerability in VBulletin. By passing an invalid value to a variable located in 'members2.php', it is possible to generate an error page which will include attacker-supplied HTML code which will be executed in a legitimate users browser.

READ MORE »