[原文]Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
BadBlue is a P2P file sharing application distributed by Working Resources. It is designed for use on Microsoft Windows operating systems. BadBlue is operated through a web interface, generated by an included web server running on the local system.
Additionally, user supplied input is displayed as the hidden form value "a0" without being sanitized.