Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter to msg.jsp, and the 2 contentid parameter to tc/contents/home001.jsp...