Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
secunia.com/advisories/21145
securityreason.com/securityalert/1267
securitytracker.com/id?1016548
www.majorsecurity.de/advisory/major_rls22.txt
www.osvdb.org/27413
www.osvdb.org/27414
www.securityfocus.com/archive/1/440652/100/0/threaded
www.securityfocus.com/archive/1/440889/100/100/threaded
www.securityfocus.com/bid/19098
www.vupen.com/english/advisories/2006/2914
exchange.xforce.ibmcloud.com/vulnerabilities/27880