Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2013-10/0033.htmlhttp://packetstormsecurity.com/files/123558https://exchange.xforce.ibmcloud.com/vulnerabilities/87809
