Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://www.securityfocus.com/bid/75077
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000082