New XSS Flaw: vBulletin 3.7.2 PL2 and 3.6.10 PL4
Monday, August 18th, 2008The latest Jelsoft security bulletin, dated this August 18th, 2008, has announced the discovery of a new XSS flaw related to JavaScript escaping. This flaw could allow unauthorized users to carry out unauthorized actions or obtain access to a user’s account. vBulletin patch releases 3.7.2 PL2 and 3.6.10 PL4 have been released to address the new XSS flaw, discovered by Federico Muttis.
