Cross-site scripting (XSS) vulnerability in UseBB prior to 0.7 allows remote malicious users to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.