Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users.
http://www.iss.net/security_center/static/9294.php
http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html