eSyndiCat Portal System has an xss bug in search.php can be exploited from web interface http://www.example.com/[path]/search.php?what=[xss]&search_top.x=0&search_top.y=0&search_top=GO -------------------- Discovered by meto5757 Rootshell Security Group