Unfortunately I can't check this out as if as you say this happens on the Post function and I presume you have to be a registered member to post, and even if registered, posting just for postings sake would leave a rubbish post.
avast has in the past been very accurate in these detections:
I don't know what version of phpBB software the forum uses, but these script injections are commonly associated with out of date content management software.