Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote malicious users to insert arbitrary HTML and web script via the post icon (image_subject) field.
source: wwwsecurityfocuscom/bid/8198/info
Splatt Forum has been reported prone to a HTML injection vulnerability
An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML code As a result, a malicious user may have the ability to submit a post to the site containi ...