Cross site scripting

Cross-site scripting XSS vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the newlanguage parameter in a login action...