Vulnerability type: XSS injection
Critical rating: 6/10. Known injection vulnerabilities are not
source altering, so the user must click on a specially crafted
link to be exploited. Vulnerabilities can be exploited to steal
session cookies, among other things.
Admin notification: 4/26/09
Admin response: 4/26/09
Proof of concept: