[IMG] tag vulnerability in vBulletin
product : vbulletin versions : 2.2.2, 2.2.0 , maybe others. Probleme : One knows that if one sendings this code in private message : IMGjavascript:alert'hum';/IMG a space will be placed between "java" and "script". This filter can be by-passed : IMGjavasript:alert'hop';/IMG More details in french...