Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
secunia.com/advisories/27390
swamp.svn.sourceforge.net/viewvc/swamp/trunk/swamp/webapps/webswamp/src/java/de/suse/swamp/modules/actions/LoginActions.java?r1=666&r2=700
www.osvdb.org/38203
www.securityfocus.com/archive/1/482733/100/0/threaded
www.securityfocus.com/bid/26198
exchange.xforce.ibmcloud.com/vulnerabilities/37399