Zeroforum is vuln to this as well. Notified a few weeks ago and heard nothing back.
>>After a similar bug was discovered in phpBB 1.4.2, the authors fixed the
>>bug
>>with which JavaScript could inserted by using an [IMG] tag like:
>>
>>[img]javascript:alert('bla')[/img]
