CVE-2006-0080 Information

Description

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the title of an event which is not properly filtered by (1) calendar.php and (2) reminder.php.

Reference

http://kapda.ir/advisory-177.html http://secunia.com/advisories/18299 http://www.osvdb.org/22210 http://www.osvdb.org/22220 http://www.securityfocus.com/archive/1/420663/100/0/threaded http://www.securityfocus.com/archive/1/421310/100/0/threaded http://www.securityfocus.com/bid/16116 http://www.vupen.com/english/advisories/2006/0033