Yes. In the past UBB.threads had several vulnerabilities during different stages. Generally, this was related to forgetting to call addslashes and sanitize all data coming from the user.
When we rewrote version 7 however we now pass everything through a variety of functions that take care of this. All of our sql queries go through a routine where we pass the user data in an array, and each one is sanitized/escaped properly before actually being passed to MySQL. So we haven't had an issue with this since 7.0 came out.
