Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/20038http://www.digitalparadox.org/advisories/rga.txthttp://www.securityfocus.com/archive/1/395527http://www.osvdb.org/15430http://www.securityfocus.com/bid/13080http://secunia.com/advisories/14906http://www.osvdb.org/15431
