A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of target users in the security context of the site hosting the vulnerable script.
Zorum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "method" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.