source: https://www.securityfocus.com/bid/8570/info
phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This issue is due to a lack of sufficient sanitization performed on user supplied URL BBCode tags.
An attacker may exploit this issue to steal cookie-based authentication credentials; other attacks may also be possible.
[url=http://www.example.com" onclick="alert('Hello')]text[/url]
[url=http://www.example.com" onclick=alert("bug");"]test[/url]