Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote malicious users to inject arbitrary web script or HTML via the listing parameter.
source: wwwsecurityfocuscom/bid/8972/info
It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability The issue is reported to exist due insufficient sanitization of user-supplied data through the 'listings' parameter The problem may allow a remote attacker to execute HTML or script code in the browser ...