Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.Referenceshttp://secunia.com/advisories/37910http://www.exploit-db.com/exploits/10622http://www.securityfocus.com/bid/37464http://osvdb.org/61298
