Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24208
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
http://www.securityfocus.com/archive/1/422277/100/0/threaded