Can you please confirm my suggestion that: Interspire ArticleLive 2005 (php version) is vulnerable to XSS: e.g. http://localhost/articles/newcomment?ArticleId="><script>alert('hi')</script> // best wishes, mircia [mircia@xxxxxxxxxxxxxxxxxx]