Recently Yair Amit and I have discovered a Cross-Application Scripting vulnerability in Babylon which could lead to code execution.

Full details can be obtained from the following references:
1. Blog post
2. Advisory
3. Proof of concept:


-Roee