Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and previous versions allows remote malicious users to execute arbitrary Javascript via [url] tags.