Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
http://www.iss.net/security_center/static/9958.php
http://archives.neohapsis.com/archives/bugtraq/2002-08/0262.html