Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26966
http://www.securityfocus.com/bid/18169
http://www.securityfocus.com/archive/1/435380/100/0/threaded
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631
http://sourceforge.net/forum/forum.php?forum_id=576483
http://securitytracker.com/id?1016178