CVE-2007-2908

Name of the Vulnerable Software and Affected Versions vBulletin versions prior to 3.6.6

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the title field in a single add action in the calendar.php file.

Recommendations For versions prior to 3.6.6, update to version 3.6.6 or later to resolve the issue.