Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30344
http://www.vupen.com/english/advisories/2006/4579
http://www.securityfocus.com/bid/21111
http://www.securityfocus.com/archive/1/451846/100/100/threaded
http://securityreason.com/securityalert/1913