Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote malicious user to execute arbitrary code via the lastComment parameter.
easycorp zentao 11.6.4