CVE-2002-2235

Name of the Vulnerable Software and Affected Versions: vBulletin versions 2.2.9 and earlier

Description: The issue arises from the improper restriction of the $perpage variable to be an integer in the member2.php file. This causes an error message to be reflected back to the user without proper quoting, facilitating cross-site scripting (XSS) and possibly other attacks.

Recommendations: For vBulletin versions 2.2.9 and earlier, ensure that the $perpage variable is properly validated and restricted to integer values to prevent potential attacks. As a temporary workaround, consider implementing input validation for the $perpage variable to mitigate the risk of exploitation.