Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.Referenceshttp://secupent.com/exploit/WebGUI-7.10.29-XSS.txthttp://seclists.org/fulldisclosure/2015/Jan/79
