RongTruong26 GiongfNef
GiongfNef / CVE-2023-39777
Last active February 24, 2024 22:29
[POC] [CVE-2023-39777]
[Summary]
I have discovered a Cross-Site Scripting (XSS) vulnerability in the latest vBulletin version, 6.0.0, which also affects earlier versions. The vulnerability allows an attacker to inject malicious scripts into the Admin Control Panel, potentially leading to unauthorized access, data theft, or further exploitation.
[Description]
The XSS vulnerability can be triggered when an authenticated user accesses the path `/admincp` and attempts to log in to the Admin Control Panel. The vulnerability is due to inadequate input sanitization, which allows an attacker to inject malicious scripts that execute in the context of the targeted administrator's session and can be used to hijack the administrator's credentials.
[Steps to Reproduce]
1. Log in to the vBulletin Admin Control Panel at /admincp.
2. Through the 'url' parameter, it is possible to inject JavaScript code that escapes the surrounding context, bypasses the whitespace restrictions, and then triggers the XSS.
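A defensive counterpart to the issue above, written as an added example that is not part of this gist or of vBulletin's code: a same-site validator for a reflected redirect parameter like 'url' (rejecting control characters, whitespace and markup), HTML escaping on reflection, and a log check that flags Admin CP requests whose 'url' value would fail that validation. The function names, the `/admincp/` fallback and the access-log lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Added example (not vBulletin code): hardening for a reflected redirect parameter like 'url'.
# Control chars (incl. whitespace tricks), HTML/JS metacharacters and backslashes are rejected outright.
_BAD_CHARS = re.compile(r'[\x00-\x20\x7f<>"\'`\\]')

def is_safe_redirect_target(value: str) -> bool:
    """True only for a same-site relative path (value already URL-decoded by the framework)."""
    if not value or _BAD_CHARS.search(value):
        return False
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:          # http:, javascript:, //host ... are not same-site
        return False
    return parts.path.startswith("/") and not parts.path.startswith("//")

def safe_redirect_target(value: str, default: str = "/admincp/") -> str:
    # Fall back to a fixed in-panel location (hypothetical default) when the target is unsafe.
    return value if is_safe_redirect_target(value) else default

def render_redirect_link(value: str) -> str:
    """Validate, then HTML-escape, before the value is reflected into markup."""
    return '<a href="%s">Continue</a>' % html.escape(safe_redirect_target(value), quote=True)

# Detection side: find Admin CP requests whose 'url' parameter would fail validation.
_REQ_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def flag_suspicious_admincp_requests(log_lines):
    """Return the decoded 'url' values on /admincp requests that fail validation."""
    flagged = []
    for line in log_lines:
        m = _REQ_LINE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.startswith("/admincp"):
            continue
        for candidate in parse_qs(target.query).get("url", []):
            if not is_safe_redirect_target(candidate):
                flagged.append(candidate)
    return flagged

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Feb/2024:10:00:01 +0000] "GET /admincp/index.php?url=%2Fadmincp%2Fusers.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [24/Feb/2024:10:00:07 +0000] "POST /admincp/index.php?url=%2F%2Fattacker.example%2F HTTP/1.1" 302 0',
    '10.0.0.9 - - [24/Feb/2024:10:00:09 +0000] "GET /admincp/index.php?url=%2Fx%0A%3Cb%3E HTTP/1.1" 200 700',
    '10.0.0.7 - - [24/Feb/2024:10:00:11 +0000] "GET /forum/index.php?url=%2Fx%3Cb%3E HTTP/1.1" 200 700',
]
```

Running `flag_suspicious_admincp_requests(SAMPLE_LOG)` returns the two decoded 'url' values that point off-site or carry a newline and markup, while the benign and the non-admincp lines are ignored.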