Well lemme go straight to the point.
Facebook IS again vulnerable, this time to an HTML Injection vulnerability.
The exploit actually allows a malicious user to insert malicious HTML-based content within client web requests.
Let's take a look at the P.O.C. below.
I actually have this in the URL.
Let's take a look at the body.
Now, let's see a combination of the Title & Body using the famous Peter Attah Nigerian Scam Letter.
The malicious user's imagination is his/her only limit!