Family Connections 2.7.2 has multiple XSS vulnerabilities. These
exsist in the prayers and news sections.
For familynews.php the 'post' variable is vulnerable.
For prays.php the 'for' variable is vulnerable.
01/14/12 - Vendor Notified
post=[XSS]
for=[XSS]
The script can be added right in the page, there is no filtering of
input.