CVE-2002-0959

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.

CVE-2003-0590

Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.