Multiple stored XSS in Vanilla Forums prior to 2.5 allow remote malicious users to inject arbitrary JavaScript code into any message on forum.
vanillaforums vanilla forums