Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29700
http://www.securityfocus.com/bid/20641
http://www.securityfocus.com/archive/1/449231/100/0/threaded
http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0006