A security issue has been discovered by the vBulletin team. This issue affects photo descriptions and could allow Cross Site Scripting. We have released security patches for the versions vBulletin 5.1.4 through 5.1.9 to close this vulnerability. It is recommended that all users apply the patch as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to the latest version as soon as possible.
You can download the patch for your version here: http://members.vbulletin.com/patches.php
To install the patch:
1) Download the appropriate files for your version of vBulletin 5
2) Upload all files found within the zip file. Make sure to overwrite the existing files on your server.
3) Run install/upgrade.php in your browser.
4) Delete the /core/install folder.
If you're using a version prior to 5.1.4, then you should upgrade to vBulletin 5.1.9 following standard upgrade procedures.
vBulletin Connect 5.1.10 and vBulletin Cloud has already had this fix applied.
5.1.9 Patch Level 2
5.1.8 Patch Level 2
5.1.7 Patch Level 2
5.1.6 Patch Level 4
5.1.5 Patch Level 4
5.1.4 Patch Level 7