Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.Referenceshttp://www.securityfocus.com/bid/35385https://www.exploit-db.com/exploits/8965
