Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.Referenceshttp://secunia.com/advisories/56931http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141
