• info
• discussion
• exploit
• solution
• references

SafeHTML UTF-7 And CSS Comment Tag Cross Site Scripting Vulnerabilities

An exploit is not required.