Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.Referenceshttp://www.iss.net/security_center/static/10406.phphttp://www.securityfocus.com/bid/6004http://online.securityfocus.com/archive/1/296121
