Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.Referenceshttp://secunia.com/advisories/14802http://marc.info/?l=bugtraq&m=111247198021626&w=2http://www.securityfocus.com/bid/12974
