[原文]Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
source: http://www.securityfocus.com/bid/5945/info
phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.
It has been reported that phpRank is vulnerable to cross-site scripting attacks. Under some circumstances, it is possible to force the rendering of arbitrary HTML and script code through the add.php portion of the phpRank package. This could allow the execution of potentially malicious script and HTML in the security context of a vulnerable site.
http://example.com/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(42)%3C/script%3E