Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25331
https://exchange.xforce.ibmcloud.com/vulnerabilities/25099
http://zone14.free.fr/advisories/1
http://www.securityfocus.com/bid/17151
http://www.securityfocus.com/archive/1/428157
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0191.html