What I understand with reflected xss is: It is from allowing html submits from a user.
HTML submits can be allowed but it has never been endorsed to allow the general public to use. This forum software allows the admin to not allow anyone to post using HTML except for the admin if desired.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
We'll see about adding an additional filter if one doesn't already exist; but at best it looks like all you're going to get out of this is your own cookie information (which you can already use your browser to read or the UBB.threads clear cookies page) and have your own browser redirect you elsewhere.