Vendor URL : http://www.episodex.de HTML Injection : "Name" & other fields in "default.asp" are not validated. Script code will be executed in the user's browser session, when the entry is viewed. Security Bypass : It is possible to edit settings without authentication by accessing the scripts "admin.asp" http://www.bahadorlover.com 3nitroToloen (!)
