TITLE: jSchool Advanced "action" Cross-Site Scripting
PRODUCT: jSchool Advanced
PRODUCT URL: http://jogjacamp.com/script_4_jSchool_Advanced.html
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUG: Input passed via the "action" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
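
Added example, not jSchool Advanced source code and not part of the original advisory: one way a PHP page can handle a reflected "action" parameter, resolving it against an allow-list and encoding it at the point of output. The action names, function names and markup are assumptions made for illustration.

```php
<?php
// Hypothetical handler for illustration; not taken from jSchool Advanced.

// Assumed set of legitimate values for the "action" parameter.
const ALLOWED_ACTIONS = ['home', 'news', 'gallery', 'contact'];

/** Encode a value for an HTML text node or a quoted attribute value. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the requested action if it is on the allow-list, else the default. */
function resolve_action(array $query, string $default = 'home'): string
{
    $raw = $query['action'] ?? $default;
    // Arrays (index.php?action[]=x) and unknown values fall back to the default.
    if (!is_string($raw) || !in_array($raw, ALLOWED_ACTIONS, true)) {
        return $default;
    }
    return $raw;
}

/** Build a fragment that reflects the parameter, encoded where it is written out. */
function render_notice(array $query): string
{
    $action = resolve_action($query);
    $raw = is_string($query['action'] ?? null) ? $query['action'] : '';
    $html = '<form method="get" action="index.php">'
          . '<input type="hidden" name="action" value="' . html_escape($action) . '">'
          . '</form>';
    // The rejected value is still shown to the user, so it is encoded as well.
    if ($raw !== '' && $raw !== $action) {
        $html .= '<p>Unknown action: ' . html_escape($raw) . '</p>';
    }
    return $html;
}

// Constructed sample inputs: a valid value, a value with markup, an array value.
$samples = [
    ['action' => 'news'],
    ['action' => '"><b>markup</b>'],
    ['action' => ['nested']],
];
foreach ($samples as $query) {
    echo render_notice($query), PHP_EOL;
}
```

The second sample comes back with its quote and angle brackets as entities, so the browser displays it as text instead of parsing it as markup.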