[Original text] Cross-site scripting (XSS) vulnerability in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) the keywords argument of main.inc.php, (2) the body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum.
PHPX contains a flaw that allows remote HTML code injection. The flaw exists because the application does not validate the subject variables in Personal Messages and Forum. This could allow a user to embed a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 3.2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.