The syntax highlighting mod used on this forum had an XSS bug.
http://www.phpbbstyles.co.uk/info/viewt ... ?f=5&t=126
If anyone used this mod, you need to update to the most recent version to fix it. I believe I recommended it to someone via PM but I have forgotten who so am posting this here
[syntax=text][i mg]http://nothing.com/file.png"onerror="alert('xss');[/i mg][/syntax]
used to work and cause the alert to be shown.
without the spaces obviously
Lucky that nobody noticed eh
EDIT: It looks like I am the only person who downloaded the fixed version. So if you know of any forums using this, go warn them !