VLBook Message HTML Injection Vulnerability

info
discussion
exploit
solution
references

VLBook Message HTML Injection Vulnerability

VlBook is prone to a HTML-injection vulnerability because it fails to properly sanitize HTML and script code from user-supplied input.

An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.