PT-2006-6687 · Vbulletin Solutions · Vbulletin

Insanity · Published 2006-11-22 · Updated 2024-08-07 · CVE-2006-6040

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions:
vBulletin versions 3.6.x

Description:
The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the prefs parameter in a "buildnavprefs" action or the navprefs parameter in a "savenavprefs" action.

Recommendations:
For vBulletin versions 3.6.x, consider disabling the buildnavprefs and savenavprefs actions until a patch is available to prevent exploitation. Restrict access to the admincp/index.php file to minimize the risk of XSS attacks. Avoid using the prefs and navprefs parameters in the affected actions until the issue is resolved.

Related Identifiers

CVE-2006-6040

Affected Products

Vbulletin