Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25487
http://www.vupen.com/english/advisories/2006/1128
http://pridels0.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html