CVE-2020-25121
Affected software: vBulletin 5.6.3 Admin CP. Vulnerability: cross-site scripting (XSS) via the Paid Subscription Email Notification field in the Options. Root cause: input in that field is not properly sanitized, enabling injection in the Admin CP context. Impact: XSS could affect authenticated a...