Danbooru

Danbooru security update

Posted under General

A major XSS vulnerability was discovered in the Danbooru code. It should be patched now, but other sites that use the Danbooru code will be similarly vulnerable unless they are patched. If you know of any sites that use Danbooru code (or have similar interfaces), please tell them either to update from the latest Subversion trunk, or to search their code for places where text isn't being properly sanitized.

An easy way to test if their web site is vulnerable is to use <script type="text/javascript">alert('test')</script> or <b onload="alert('test')">[/b] as a tag name, a user name, a wiki page title or body, etc.

Also, in the interest of finding more of these vulnerabilities, anyone who discovers a similar sort of security risk will receive a privileged account.
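As an added illustration, not code from the Danbooru project itself, the following Ruby snippet shows the defensive side of the advice above: escape every user-controlled field before it is interpolated into HTML, then push the post's two probe strings through the render path and confirm they no longer come out as markup. `render_tag_list` is a hypothetical stand-in for a template that lists tag names; the unescaped variant is included only so the check has something to catch.

```ruby
require "erb"

# The two probe strings from the post, embedded here as constructed test input.
XSS_PROBES = [
  %q{<script type="text/javascript">alert('test')</script>},
  %q{<b onload="alert('test')">[/b]},
].freeze

# Escape a user-controlled string (tag name, user name, wiki title or body)
# before it is placed into HTML. ERB::Util.html_escape is the helper behind
# Rails' `h`; it turns <, >, &, " and ' into entities.
def escape_for_html(text)
  ERB::Util.html_escape(text.to_s)
end

# Hypothetical template: renders tag names as a list, escaping each one.
def render_tag_list(tag_names)
  items = tag_names.map { |t| "<li>#{escape_for_html(t)}</li>" }
  "<ul>#{items.join}</ul>"
end

# Counter-example: naive interpolation of the same data, which the check below rejects.
def render_tag_list_unescaped(tag_names)
  "<ul>#{tag_names.map { |t| "<li>#{t}</li>" }.join}</ul>"
end

# Self-check for a render path. `render` is anything responding to call(array_of_strings).
# Returns true only if, for every probe, the probe does not survive verbatim and the
# only tags present in the output are the ones the template itself emits (ul, li).
def probes_neutralised?(render, template_tags = %w[ul li])
  XSS_PROBES.all? do |probe|
    html = render.call([probe])
    tags_in_output = html.scan(%r{</?([a-z]+)}i).flatten.map(&:downcase).uniq
    !html.include?(probe) && (tags_in_output - template_tags).empty?
  end
end
```

Calling `probes_neutralised?(method(:render_tag_list))` returns true, while the unescaped variant returns false, which is the same signal the manual test in the post gives when the alert box appears or not.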
