Re: Html_Injection in vBulletin 3.5.2

2006-01-10 Thread info
OK. First see this: http://www.securityfocus.com/archive/1/420663/30/120/threaded Credit? Savsak.com [Ejder And The_BeKiR And Liz0Zim And CyberLord] So what is this? Credit: Discovered & released by trueend5 (trueend5 kapda ir) Security Science Researchers Institute Of

Re: Html_Injection in vBulletin 3.5.2

2006-01-10 Thread Steven M. Christey
This appears to be the same vulnerability as that reported to Bugtraq by trueend5 of KAPDA on January 1: BUGTRAQ:20060106 [KAPDA::#19] - Html Injection in vBulletin 3.5.2 URL:http://www.securityfocus.com/archive/1/archive/1/420663/100/0/threaded In fact, the text is exactly the same, as is t

Html_Injection in vBulletin 3.5.2

2006-01-09 Thread the_bekir
Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html_Injection (Second order Cross_Site_Scripting) Exploitation: Remote with browser Html_Injection : The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php'&'remin