MaxWebPortal contains a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate search parameters upon submission to the search.asp script. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, MaxWebPortal has released a patch to address this vulnerability.