I noticed that the forum is configured to allow embedding of youtube video, which is flash. Allowing embedding of flash requires allowing html in posts, which is a serious security hazard. It can open all users on the site to the possibility of cross-site-scripting attacks, meaning that if a user is logged in to another website, then their login cookies for the other site could be stolen via XSS scripts running through this site.
One reference here. Plenty of others are to be found with a quick googling.
http://www.vbulletin.com/forum/showthread.php?t=293146
One reference here. Plenty of others are to be found with a quick googling.
http://www.vbulletin.com/forum/showthread.php?t=293146