//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --// Webattack :- /mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script> //-- FixIT --// Open member.php GoTo Line :- 1030 .. if($mybb->input['url']) { redirect($mybb->input['url'], $lang->redirect_loggedin); } Replace It With if($mybb->input['url']) { redirect(htmlspecialchars($mybb->input['url']), $lang->redirect_loggedin); } //-- --//