vBulletin 3.7.2 PL1 was released some moments ago on www.vBulletin.com to patch an XSS exploit.

All of our vBulletin 3.7.2 skins are 100% compatible with vBulletin 3.7.2 PL1 as no templates have changed from 3.7.2.

Originally posted by vBulletin.com:
An XSS flaw affecting the vBulletin control panel logging system has been identified; another was found affecting boards running in debug mode. It could allow an attacker to trick an admin into unwittingly performing an action within the control panel that they had not intended. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.7.2 and 3.6.10.

One of the XSS flaws was discovered by Jessica Hope and the other by ourselves.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.

Read the full story here:
http://www.vbulletin.com/forum/showthread.php?p=1591431