CVE-2011-5312
Multiple cross-site scripting XSS vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to 1 register.aspx, 2 publication/info.aspx, or 3 user/add.aspx, or 4 the q parameter to product/list.aspx...