Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag.
https://exchange.xforce.ibmcloud.com/vulnerabilities/9473
http://www.securityfocus.com/bid/5140