Description: "title.php" gets "frame" parameter with sqgetGlobalVar function. sqgetGlobalVar function apply decodeHTML function to variable. This function decode
HTML tags so its make a chance to succesfull exploitation with some browser (e.g. Mozilla Firefox encodes HTML tags). After that application include "frame"
variable into inline javascript code.
Exploit/POC: http://www.anatoliasecurity.com/exploits/overlook-xss-poc.txt