http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/ Name: TorrentFlux User-Agent XSS Vulnerability Published: 2006-10-06 Critical Level: Moderate Type: Cross-Site Scripting Where: Remote Status: 0-Day Software: Torrentflux 2.1 Discoverer: Steven Roddis (http://www.stevenroddis.com.au) I gave the authors of this product a week (more than usual) just to contact me, they have failed to do so; so I am releasing this vulnerability publicly! /admin.php Line: 325 $ip_info = $ip_resolved." ".$user_agent; Useragent is not esacped. Solution: Edit source code: /admin.php Line: 325: $ip_info = htmlentities($ip_resolved)." ".htmlentities($user_agent);