VWE-2009-0046 Viewing Source [template]Vulnerability | cve= | aka=PM Hijack Vulnerability | severity=High | difficulty=Normal | description=HTML/Javascript injection. | discover-date=May 6, 2009 | patch-date=May 10, 2009 | patches=2.3.0 | workaround=Update permissions so that untrusted users cannot send private messages. [/template] 315 characters