vBulletin? v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "><script>alert(document.cookie);</script> a cool messege box appear with cookies ;) earlier versions affected also . ------------------------------------------------------------------------ ----- Discovered by meto5757 ------------------------------------------------------------------------ -----