phpBB versions 1.4.4 and below are susceptible to cross site scripting flaws.
914f1b472cfa122e40a3bf3a94173d2c67e0174583e07c4b89fffdcad6737345
I found a bug in quite old forum system phpBB 1.4.4
phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.
[Vulnerable]
You can put vbscript in [img] bbcode tags.
For example:
[img]vbscript: alert(document.cookie)[/img]
Author: Gurjanov Ilia or Net
agent050@sama.ru