Crossite scripting in web interface (requires authentication)
vulners.com/securityvulns/securityvulns:doc:3086