Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32469
http://www.securityfocus.com/archive/1/459979/100/0/threaded