vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing. All versions of vBulletin prior to 3.0.6 and 2.3.6 are vulnerable. The only workaround is to disable BB code parsing in signat
http://www.webhostgear.com/186.html
http://www.webhostgear.com/186.html