source: https://www.securityfocus.com/bid/26575/info PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects PHPSlideShow 0.9.9.2; other versions may also be vulnerable. http://www.example.com/scripts/demo/phpslideshow.php?directory=">