Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36285
https://exchange.xforce.ibmcloud.com/vulnerabilities/14212
http://www.vupen.com/english/advisories/2007/2995
http://www.securityfocus.com/bid/11907
http://www.securityfocus.com/bid/11906
http://www.securityfocus.com/bid/11905
http://www.securityfocus.com/bid/11904
http://www.securityfocus.com/bid/11903
http://www.securityfocus.com/bid/11894
http://www.securityfocus.com/bid/11891
http://www.securityfocus.com/bid/11890
http://www.securityfocus.com/bid/11888
http://www.securityfocus.com/bid/11882
http://www.securityfocus.com/bid/11880
http://www.securityfocus.com/bid/11868
http://www.securityfocus.com/archive/1/477881/100/0/threaded
http://securitytracker.com/id?1018613