AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Effected files or areas of site: index.php The input forms on the following items belowdo not properlly filter out all potential harmful characters. XSS are possible because of this. Posting a blog Posting a listing Posting an event Adding comments Sending a message
