Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...