see SecurityTracker.com Archives - Xoops Input Validation Flaw in 'newbb' Module Permits Cross-Site Scripting AttacksI've just made security patch for newbb of XOOPS 2.0.6RCThis patch also includes some fixes for peculiar bugs for 2.0.6RC.