Vanilla forum Stored XSS on any private message / thread post

[W S <w () inbox ru>]

 The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste 
into the HTML tag <img> onerror event, that leads to stored XSS.

I notified the developers of existing vulnerabilities and they closed it in version 2.1.1

proof:
http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release

vulnerable versions:
2.0 to 2.1.1 
maybe 1.* versions

my XSS exploit:
<img alt="<img onerror=alert(1)//"<"> 



Screenshot with alert in attach of this message.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/