source: https://www.securityfocus.com/bid/19948/info XHP CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks. Version 0.5.1 is vulnerable; other versions may also be affected. http://www.example.com/index.php?errcode=