Vanilla Forums versions 2.0 through 2.1.1 suffer from a cross site scripting filter bypass.
886cab150352c4f15528711131df90f73ecf383744e97b0143a136ce58c2861c
The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste into the HTML tag <img> onerror event, that leads to stored XSS.
I notified the developers of existing vulnerabilities and they closed it in version 2.1.1
proof:
http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release
vulnerable versions:
2.0 to 2.1.1
maybe 1.* versions
my XSS exploit:
<img alt="<img onerror=alert(1)//"<">