((sorry if youget this twice, the reply page timed out)) iFdate v1.2 Homepage: http://www.ifusionservices.co.uk/products/product_ifdate.php Description: Packed full of great features, it supports themes and looks sleek, your users will be able to create & customize their very own profile page, upload pictures, rate users, create blogs. You can even upgrade them to premium tools and so much more, iFdate gives you the best performance on what a community site needs! Effected files: all input boxes XSS attack is possible if you put this in the login box as username and pw: '';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<IMG SRC=javascript:alert('XSS')>'';!--"<XSS>=&{()}'';!--"<XS S>=&{()} It should also be noted that all input boxes on the site for editing your profile, sending messages, posting in the forum, along with any other input box that doesnt sanatize user input before dynamically generating it isvulnerable.