It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.
For the stable distribution (etch) this problem has been fixed in
version 0.2.4-2+etch1.
For the testing (lenny) and unstable (sid) distributions this problem
has been fixed in version 0.2.5-1.
We recommend that you upgrade your php-xajax package.