Cross site scripting

Cross-site scripting XSS vulnerability in the domysqlquery function in core.php for Open Searchable Image Catalogue OSIC before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...