Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
http://www.vupen.com/english/advisories/2007/0755
http://www.securityfocus.com/bid/22690
http://www.securityfocus.com/archive/1/461330/100/100/threaded