ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.

By admin