Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field.
http://www.securityfocus.com/bid/5131
http://www.securityfocus.com/bid/5130
http://www.iss.net/security_center/static/9472.php