Hi, recently, I found an XSS vulnerability on one of the Russian-language forums. After several hours of research, the following was clear:
1. The forum where this vulnerability was noticed did not filter href. Therefore, it was possible to substitute the following script...