Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/62815
http://www.securityfocus.com/archive/1/514527/100/0/threaded