//-- MyBB 1.10 New XSS ' member.php ' --// Webattack :- 1- Logout 2- Open Firefox 3- Use [ Live HTTP Headers ] 4- Do Register 5- Agree It 6- Edit Cookies By Live HTTP Headers 7- Add This Cookies :D mybb[referrer]="></input><b>HTML</b><input>; //-- FixIT --// Open member.php GoTo Line :- 595 .. $referrername = $_COOKIE['mybb']['referrer']; Replace It With $referrername = htmlspecialchars($_COOKIE['mybb']['referrer']); //-- --//