iFlance
Homepage:
http://www.ifusionservices.co.uk/
Description:
iFlance is a powerful freelance script that allows anyone to run their very own professional, profitable freelancing website.
Affected files:
acc_verify.php
project.php
all input boxes
XSS by URL injection in acc_verify.php
We put "> before the script tags and <" after them to close the input box tag in the form, so the injected script is parsed as markup instead of staying inside the field's value.
Another XSS attack is possible if you put this in the login box as the username and password:
<IMG SRC=javascript:alert('XSS')>
project.php is vulnerable too, through the input boxes on it for posting a new project.
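
Both cases above come down to request data being written into the page without output encoding. The PHP below is an added example, not iFlance source code and not from the advisory's author; the function names, the field name "code" and the first sample string are hypothetical. It renders an input box the unsafe way and with htmlspecialchars(), using the "> ... <" wrapping and the IMG string from this advisory as inputs.

```php
<?php
// Added example. Not iFlance code: function names and the "code" field are hypothetical.

// Vulnerable pattern: request data is concatenated into an attribute value as-is,
// so a value starting with "> ends the attribute and the tag.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles, so the value cannot leave the attribute.
function render_input_safe(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// True when the rendered field is still exactly one tag: the only '<' and '>'
// left in the output are the ones that belong to <input ...> itself.
function is_single_tag(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed sample inputs: a harmless marker wrapped the way the advisory
// describes, and the IMG string quoted in the advisory.
$samples = [
    '"><b>marker</b><"',
    "<IMG SRC=javascript:alert('XSS')>",
];

foreach ($samples as $sample) {
    $unsafe = render_input_unsafe('code', $sample);
    $safe   = render_input_safe('code', $sample);

    echo "input : $sample\n";
    echo "unsafe: $unsafe\n";
    echo "        single tag: " . (is_single_tag($unsafe) ? 'yes' : 'no') . "\n";
    echo "safe  : $safe\n";
    echo "        single tag: " . (is_single_tag($safe) ? 'yes' : 'no') . "\n\n";
}
```

The same encoding has to be applied wherever acc_verify.php, project.php or the login form echo submitted values back into HTML.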