Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").

References

• https://nvd.nist.gov/vuln/detail/CVE-2008-2768
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43054
• http://bugreport.ir/index.php?/41
• http://marc.info/?l=bugtraq&m=121322052622903&w=2
• http://securityreason.com/securityalert/3950
• http://www.securityfocus.com/bid/29672