Not a XSS per se (you can only display html you injected yourself in the URL), but a bug (which is fixed now :p)
Misa3l
Xavier Roche
Created with FORUM 2.0.11