info
discussion
exploit
solution
references
HTML::BBCode HTML Injection Vulnerability
An exploit is not required.
Examples have been provided:
[img]javascript:alert(123)[/img]
[url=javascript:alert(123)]Click me[/url]
Privacy Statement
Copyright 2010, SecurityFocus
