PHPResidence <= 0.6 XSS Discovered by: Nomenumbra Date: 23/5/2006 impact:moderate (privilege escalation,possible defacement) PHP Residence software doesn't sanitize any of it's input, allowing a malicious attacker (providing he/she has an account) to inject arbitrary HTML or javascript code Nomenumbra