This appears to be the same vulnerability as that reported to Bugtraq by trueend5 of KAPDA on January 1: BUGTRAQ:20060106 [KAPDA::#19] - Html Injection in vBulletin 3.5.2 URL:http://www.securityfocus.com/archive/1/archive/1/420663/100/0/threaded In fact, the text is exactly the same, as is the example. - Steve