Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 f, 2 d, and 3 ref parameters, and the 4 "MAKE DIR" and 5 "Full file name" fields...