phpRecDB is a free php script from phpRecDB Inc. It is used to create a real-time record collection website. A cross-site scripting vulnerability exists in phpRecDB version 1.3.1, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter r/view of the file /index.php, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.