Uploader.swf flash file in vBulletin forum vulnerable to XSS
Uploader.swf flash file in vBulletin forum vulnerable to XSS: Attention! vBulletin forums users, there is a flash file in the vBulletin forum software which is vulnerable to Cross site scripting(XSS).
The file “Uploader.swf” is located either in located in ‘clientscript/yui/uploader/assets’ or ‘/core/clientscript/yui/uploader/assets’.
“It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue.” vBulletin Security advisory reads.
Proof of concept: