Description - Avatar URL XSS Vulnerability in MyBB
Cross Site Scripting found in MyBB script.
Every user has an ability to edit his avatar URL. Avatar URL is not properly sanitized. This can be used to post arbitrary web script code using 'Tab' symbol.
Order Source Code Review
You may order source code analysis of your site made by Aliaksandr Hartsuyeu.The work will be done by experts in web application security.