XSS Vulnerability found In newsalloy.com
http://newsalloy.com has XSS filtering how ever it can be bypassed it by adding String.fromCharCode() function,as he has done in example when you execute the script you will see alert box.
And we can also insert an image using <img src= />, you can see image below.
Website: http://newsalloy.com/
Second Vulnerable Link: http://newsalloy.com/topic/%3Cimg_src%3D%22http%3A%2F%2Fi40.tinypic.com%2F125l7ja.jpg%22_%2F%3E/
Found By : Girish Shrimali