An XSS vulnerability has been discovered in vBulletin 3 and posted to BugTraq.
vBulletin 3 versions RC2, RC3 and RC4 are affected. This has necessitated the release of an updated version of includes/init.php to patch the problem.
The members' area package has been updated with this file.
If you are already running vBulletin 3 RC4, simply upload the attached init.php file to the 'includes' folder in your forum directory, overwriting the existing one.
If you are running a previous version of vBulletin 3, we recommend that you upgrade to the version of RC4 available in the members' area as soon as possible.
vBulletin 2.3.4 and earlier are not affected. Sites running vBulletin 2 need take no action.
A replacement search.php is now available for RC4 to fix a potential XSS issue. This issue exists only in RC4 unless you allow large words to be indexed in the search results (25+ characters). In that case all versions of vB3 would be affected. This search.php should be compatible with RC2 and RC3 but we recommend that you upgrade to RC4. The patched search.php is not yet available in the member's area so please download it from this post.