The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name PM Hijack Vulnerability VWE-ID VWE-2009-0046 Related Report None Severity HIGH Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description HTML/Javascript injection.
Discovered May 6, 2009 Resolved May 10, 2009 Patches Available 2.3.0 Workaround Update permissions so that untrusted users cannot send private messages.