Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.
marc.info/?l=bugtraq&m=112206702015439&w=2
secunia.com/advisories/16169
securitytracker.com/id?1014554
www.hardened-php.net/advisory_112005.59.html
www.osvdb.org/18168
www.osvdb.org/18169
www.securityfocus.com/bid/14352
exchange.xforce.ibmcloud.com/vulnerabilities/21484
exchange.xforce.ibmcloud.com/vulnerabilities/21487