vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "><script>alert(document.cookie);</script> a cool messege box appear with cookies ;) earlier versions affected also . ----------------------------------------------------------------------------- Discovered by meto5757 -----------------------------------------------------------------------------