source: https://www.securityfocus.com/bid/4548/info
IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.
IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.
An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials.
Post a message with the following text in the subject or message body:
<script>alert('Cross Site Scripting possible');</script>
