Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
http://www2s.biglobe.ne.jp/~tatsuji/souko/souko_index.htm
http://www2s.biglobe.ne.jp/~tatsuji/souko/annnai.html