Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote malicious users to inject arbitrary web script or HTML via the q parameter.
source: wwwsecurityfocuscom/bid/19745/info
HLstats is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks
Version 134 is reportedly affected by this iss ...