wpexploit | Wpvulndb | WPEX-ID:533D3CE1-C31D-4B81-BBC5-1451E5ABD962
History: Dec 09, 2020 - 12:00 a.m.

DiveBook <= 1.1.4 - Unauthenticated Reflected XSS

2020-12-09 00:00:00
wpvulndb
divebook
unauthenticated
reflected xss
vulnerability
javascript
browser
attack
exploit
parameters

EPSS: 0.001

Percentile: 39.5%

"A reflected Cross-Site Scripting vulnerability exists within the DiveBook log’s filter functionality. Arbitrary URL parameters are reflected into the application’s response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link containing JavaScript, which will execute within the context of the victim’s browser. The “scrolled” parameter is also vulnerable."

Note (WPScanTeam): The attack will only work with web browsers not encoding URL parameters.

The PoC will be displayed once the issue has been remediated
