Change Log

Fixed xss vulnerability by adding

$thread['subject'] = htmlspecialchars_uni($thread['subject']); 

This vulnerability was discovered by user 0xB9: https://community.mybb.com/user-120436.html