A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values.
An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link. Code execution would occur in the context of the vulnerable site. It has also been reported that this issue may be exploited to disclose the installation path of the affected software.
Escapade Scripting Engine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "PAGE" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 0.3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.