Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via 1 the ActionType parameter to Bug.php, the ReportMode parameter to 2 Report.php or 3 ReportLeft.php, or the PATHINFO to 4 AdminProjectList.php, 5 AdminGroupList.php...