Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to 1 xml/index.php; or 2 the year parameter to view.page.inc.php, which is reachable through a view action to the top-level...