Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.Referenceshttp://sourceforge.net/project/shownotes.php?release_id=144274http://www.securityfocus.com/bid/7035http://secunia.com/advisories/8257http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842
