Simple Machines has just released a security patch for SMF.
This release addresses a cross-site scripting vulnerability in the search function.
The fix for the 1.0.x has been released as 1.0.9. The version number of 1.1RC3 has remained as is, but you need to download and update your SMF installation ASAP!
Just last week my forum was hacked. I’m not sure if this is the reason, but having your software vulnerable XSS is a sure shot way to getting hacked.
Download the files below (you may need to be registered to the forum) and replace the files in your installation with the php files in the package.