Mail.ru: HTML injection at face.city-mobil.ru

Browser-specific IE HTML injection in city-mobil.ru On the moment of reporting, HTML injection within this scope was considered under same condition with XSS. Under current rules, HTML injection without proven XSS execution may be not eligible for bounty. https://rdot.org/forum/showthread.php?t=2...