Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.Referenceshttp://osvdb.org/50225http://secunia.com/advisories/29724http://osvdb.org/50226http://osvdb.org/50227http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup
