Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote malicious users to inject arbitrary web script or HTML via the show parameter.
satyadeep scratcher