PHPJabbers Bus Reservation System version 1.1 suffers from multiple persistent cross site scripting vulnerabilities.