Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to 1 xml/index.php; or 2 the year parameter to view.page.inc.php, which is reachable through a view action to the top-level...

project alumni 1.0.9 - Cross-Site Scripting / SQL Injection

project-alumni sql injection & xss author : tomplixsee [email protected] ------------------------------------------------------------------------------------------------------------- affected software version : project alumni v1.0.9, v1.0.8, or lower?? download :...