Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26616
http://www.neosecurityteam.net/advisories/Advisory-22.txt