https://www.exploit-db.com/exploits/23823
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-323

JelsoftvBulletin2.0beta3至3.0can4版本存在多个跨站脚本（XSS)漏洞。远程攻击者借助(1)showthread.php的page参数或者(2)forumdisplay.php的order参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/9889/info

It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'showthread.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks. 

Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/showthread.php?t=[VID]&page=[INT][XSS]

来源:SECUNIA
名称:11142
链接:http://secunia.com/advisories/11142
来源:XF
名称:vbulletin-showthread-xss(15495)
链接:http://xforce.iss.net/xforce/xfdb/15495
来源:BID
名称:9889
链接:http://www.securityfocus.com/bid/9889
来源:BID
名称:9888
链接:http://www.securityfocus.com/bid/9888
来源:BUGTRAQ
名称:20040316JelSoftvBulletinMultipleXSSVulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107945556112453&w;=2
来源:OSVDB
名称:4311
链接:http://www.osvdb.org/4311
来源:OSVDB
名称:4310
链接:http://www.osvdb.org/4310
来源:SECTRACK
名称:1009440
链接:http://securitytracker.com/id?1009440