A user-supplied GET parameter is used to build the src value of an iframe displayed on all pages. This allows CSRF and JavaScript insertion techniques, among others.
An attacker could forge a malicious URL that could include JavaScript execution in the main browser frame context, force the target to view a malicious web page (c ...
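
One way to validate such a parameter before it reaches the iframe `src`, shown as an added example that is not code from the affected application. The allowlisted host `widgets.example.com`, the function names and the sandbox policy are assumptions made for illustration.

```javascript
// Added example: strict allowlist for a request value destined for <iframe src>.
// ALLOWED_HOSTS is a constructed placeholder; use the hosts the site really embeds.
const ALLOWED_HOSTS = new Set(["widgets.example.com"]);

function safeIframeSrc(raw) {
  if (typeof raw !== "string") return null;
  // Browsers strip tabs/newlines and treat "\" as "/" when parsing URLs.
  // Reject such input instead of guessing how it will be normalised.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return null;
  let url;
  try {
    // No base URL is given, so relative and protocol-relative ("//host")
    // values throw here and are rejected.
    url = new URL(raw.trim());
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // blocks javascript:, data:, http:
  if (url.username || url.password) return null;     // blocks https://trusted@other-host/
  if (url.port !== "") return null;                  // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // exact match, no suffix matching
  return url.href;                                   // normalised form, not the raw input
}

function escapeAttr(value) {
  // Minimal HTML attribute escaping for a double-quoted attribute.
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function renderIframe(raw) {
  const src = safeIframeSrc(raw);
  if (src === null) return ""; // fail closed: render no frame at all
  // sandbox without allow-top-navigation keeps the framed page from
  // navigating the main browser frame (assumed policy for this example).
  return `<iframe src="${escapeAttr(src)}" sandbox="allow-scripts"></iframe>`;
}
```

A `Content-Security-Policy` header with a `frame-src` directive listing the same hosts gives a second, browser-enforced check if the server-side validation is ever bypassed.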