A recently discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2, 3.0.x and 3.5.x simultaneously. All prior versions of vBulletin are vulnerable and we advise customers to upgrade or patch their vBulletin installations at their earliest convenience.
For the vBulletin 3.5.x branch, the problem can be resolved in one of three ways.
Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.5.3 package from the vBulletin Members’ Area and following the regular upgrade instructions.
Patch: A second option is to download the patch files attached to this thread and upload them to your web server, overwriting the existing files.
Plugin: The plugin built into vBulletin 3.5 allows the problem to be fixed with a simple plugin. The install file for this plugin is also attached to this thread and is the easiest way to fix the problem, as it does not require you to upload any files via FTP. The plugin will be automatically removed when you perform your next full upgrade. You can install the plugin by following the instructions here.
3.5.3 also contains a number of bug fixes. Click here for a list!
Hi Have tried the new vBulletin 3.5.3 and it works well