ExpressionEngine version 2.2.2 and CodeIgniter version 2.0.3 suffer from filter bypass and cross site scripting vulnerabilities.