CVE-2014-3135
CVE-2014-3135 concerns multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 . The issues allow an attacker to inject arbitrary script/HTML via several vectors: (1) PATH_INFO to privatemessage/new/, (2) folderid parameter in privatemessage/view, (3) a fragment indicator t...