Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24140
http://www.securityfocus.com/bid/16272
http://www.securityfocus.com/archive/1/422145/100/0/threaded