Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote malicious users to execute arbitrary web script or HTML via the attachment upload function.
xiuno xiunobbs 4.0.4