+-----------------------------------------------+
| MyBB 1.1.x Vulnerability Fix                  |
|   Manual Patch Instructions                   |
|                                               |
| Please note:                                  |
|  This is a temporary patch for MyBB 1.1.x     |
|  boads to protect against a new security      |
|  vulnerability before boards upgrade to       |
|  MyBB 1.2                                     |
|                                               |
|  This patch should only be applied to boards  |
|  running MyBB 1.1.x                           |
|                                               |
+-----------------------------------------------+

---------------------------
1. usercp.php
---------------------------

Find:
--
			if($mybb->user['away'] == "yes")
			{
				$awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
				$awaycheck['yes'] = "checked";
				$awaynotice = sprintf($lang->away_notice_away, $awaydate);
			}
--

ABOVE it add:
--
$user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
--

ALL DONE