Hi,
Thanks for the bug report. Please in the future for security bugs contact me directly instead of posting an exploit.
This problem can be fixed immediately and easily on any installation.
Using a text editor, edit the file Forums/Thread.aspx, look for this near the top:
<asp:Label ID="lblThreadDescription" runat="server" ></asp:Label>
and change it to this:
<NeatHtml:UntrustedContent ID="UntrustedContent5" runat="server" TrustedImageUrlPattern='<%# allowedImageUrlRegexPattern %>' ClientScriptUrl="~/ClientScript/NeatHtml.js">
<asp:Label ID="lblThreadDescription" runat="server" ></asp:Label>
</NeatHtml:UntrustedContent>
This will be fixed in the next release coming very soon.
Best,
Joe
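
A way to confirm that the edit described above has been applied to an installation, as an added example that is not part of the original post or the project's own code: it reports whether the lblThreadDescription label sits inside a NeatHtml:UntrustedContent element. The function name, return strings and sample markup are assumptions constructed for illustration.

```python
import re

# Tag attributes, allowing '>' inside quoted values such as '<%# ... %>'.
ATTRS = r"""(?:"[^"]*"|'[^']*'|[^>"'])*"""
LABEL = re.compile(r"<asp:Label\b" + ATTRS + ">", re.I)
LABEL_ID = re.compile(r"""\bID\s*=\s*["']lblThreadDescription["']""", re.I)
WRAPPER = re.compile(r"<(/?)NeatHtml:UntrustedContent\b(" + ATTRS + ")>", re.I)
SERVER_COMMENT = re.compile(r"<%--.*?--%>", re.S)

def check_thread_markup(markup):
    """Return 'wrapped', 'unwrapped' or 'label-not-found' for .aspx markup."""
    # Commented-out markup is never rendered, so ignore it.
    markup = SERVER_COMMENT.sub("", markup)
    label = next((m for m in LABEL.finditer(markup)
                  if LABEL_ID.search(m.group(0))), None)
    if label is None:
        return "label-not-found"
    # Count wrapper elements still open at the point where the label starts.
    depth = 0
    for tag in WRAPPER.finditer(markup, 0, label.start()):
        if tag.group(1):
            depth -= 1
        elif not tag.group(2).rstrip().endswith("/"):
            depth += 1
    return "wrapped" if depth > 0 else "unwrapped"

# Constructed samples based on the two snippets quoted in the post.
BEFORE = '<asp:Label ID="lblThreadDescription" runat="server" ></asp:Label>'
AFTER = """<NeatHtml:UntrustedContent ID="UntrustedContent5" runat="server" TrustedImageUrlPattern='<%# allowedImageUrlRegexPattern %>' ClientScriptUrl="~/ClientScript/NeatHtml.js">
""" + BEFORE + """
</NeatHtml:UntrustedContent>"""
COMMENTED_OUT = ('<%-- <NeatHtml:UntrustedContent runat="server"> --%>\n'
                 + BEFORE + "\n<%-- </NeatHtml:UntrustedContent> --%>")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, check_thread_markup(fh.read()))
```

Run it with the path to the edited .aspx file as an argument; a result of "unwrapped" means the label is still rendered outside the NeatHtml wrapper.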