CVE-2010-4607
Multiple cross-site scripting XSS vulnerabilities in Habari 0.6.5, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 additemform parameter to system/admin/dashadditem.php and the 2 statusdata parameter to system/admin/dashstatus.php. NOTE: so...