CVE-2017-11651

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.