CVE-2007-0869

Name of the Vulnerable Software and Affected Versions: vBulletin version 3.6.4

Description: A cross-site scripting (XSS) issue exists in the Attachment Manager, specifically in the admincp/attachment.php file, allowing remote attackers to inject arbitrary web script or HTML via the Extension field.

Recommendations: For version 3.6.4, consider restricting access to the admincp/attachment.php file until a fix is available, and avoid using the Extension field in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.