I found a bug in quite old forum system phpBB 1.4.4 phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack. [Vulnerable] You can put vbscript in [img] bbcode tags. For example: [img]vbscript: alert(document.cookie)[/img] Author: Gurjanov Ilia or Net agent050@xxxxxxx