Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/9000
http://www.securityfocus.com/bid/4668