Advisory #: 523
Title: Reflected XSS in WordPress plugin embodystat v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2016-02-09
Download Site: https://wordpress.org/plugins/embodystat
Downloads: 270
Vendor Notified: 2016-02-09
Vendor Contact: plugins@wordpress.org
Plugin Name: embodystat
Vulnerability:
There is a reflected XSS vulnerability in the following PHP code in ./embodystat/do.php:

251: <input type="hidden" name="page" id="page" value="<?php echo $_GET["page"] ?>" />
254: <input type="hidden" name="exp" id="exp" value="<?php echo $_GET["exp"] ?>" />
255: <input type="hidden" name="yahoo" id="yahoo" value="<?php echo $_GET["yahoo"] ?>" />
267: <option value="<?php echo $value["term_id"] ?>" <?php echo $_GET["type"]==$value["term_id"]?"selected":"" ?>><?php echo $value["name"] ?></option>
274: <input type="text" name="title" id="title" value="<?php echo $_GET["title"] ?>" />
276: <input type="text" name="time" id="time" value="<?php echo $_GET["time"] ?>" />
462: <option value="baidu" <?php echo $_GET["exp"]=="baidu"?"selected":"" ?>>Baidu</option>
463: <option value="yahoocn" <?php echo $_GET["exp"]=="yahoocn"?"selected":"" ?>>Yahoo China</option>
464: <option value="yahoo" <?php echo $_GET["exp"]=="yahoo"?"selected":"" ?>>Yahoo</option>
465: <option value="google" <?php echo $_GET["exp"]=="google"?"selected":"" ?>>Google</option>
466: <option value="bing" <?php echo $_GET["exp"]=="bing"?"selected":"" ?>>Bing</option>
467: <option value="sogou" <?php echo $_GET["exp"]=="sogou"?"selected":"" ?>>Sougou</option>
470: Check Yahoo quote:<input type="checkbox" <?php echo $_GET["yahoo"]?"checked":""; ?> onclick="if(this.checked==true){document.getElementById('yahoo').value='1';}else{document.getElementById('yahoo').value='0'}" />
489: <input type="hidden" name="page" id="page" value="<?php echo $_GET["page"] ?>" />
500: <option value="<?php echo $value["term_id"] ?>" <?php echo $_GET["type"]==$value["term_id"]?"selected":"" ?>><?php echo $value["name"] ?></option>
507: <option value="baidu" <?php echo $_GET["exp"]=="baidu"?"selected":"" ?>>Baidu</option>
508: <option value="yahoocn" <?php echo $_GET["exp"]=="yahoocn"?"selected":"" ?>>Yahoo China</option>
509: <option value="yahoo" <?php echo $_GET["exp"]=="yahoo"?"selected":"" ?>>Yahoo</option>
510: <option value="google" <?php echo $_GET["exp"]=="google"?"selected":"" ?>>Google</option>
511: <option value="bing" <?php echo $_GET["exp"]=="bing"?"selected":"" ?>>Bing</option>
512: <option value="sogou" <?php echo $_GET["exp"]=="sogou"?"selected":"" ?>>Sougou</option>

The page, exp, yahoo, title and time parameters (lines 251, 254, 255, 274, 276 and 489) are echoed straight from $_GET into double-quoted attribute values without any escaping, so a value beginning with "> closes the attribute and the tag and everything after it is rendered as markup. On the remaining lines (267, 462-470, 500, 507-512) the request parameter is only used in a comparison and a fixed string such as "selected" or "checked" is emitted, so those lines do not reflect attacker input by themselves, but they show the same parameters being trusted throughout the file.
CVE-ID: Not Released
File: ./embodystat/do.php
Exploit Code:
The exploit below targets the first reflected parameter found in the code (page); the other parameters echoed without escaping above (exp, yahoo, title, time) can be triggered the same way. This is an untested, autogenerated exploit:

http://[target]/wp-content/plugins/embodystat/do.php?page="><script>alert(1);</script><"

The browser percent-encodes the quotes and angle brackets on the wire; PHP decodes them before populating $_GET, so the value lands in the attribute exactly as written, and the leading "> closes the value attribute and the input tag before the script element.
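The following is an added example and not code from the embodystat plugin: it reproduces the reflection pattern from do.php beside a hardened version, using the parameter names from the advisory. The helper names attr() and pick(), the engine list and the sample request are this example's own assumptions; the proof-of-concept payload in page is the one from the exploit above.

```php
<?php
// Added example, not code from the embodystat plugin. It reproduces the
// reflection pattern from do.php beside a hardened version, using the
// parameter names from the advisory. The helpers attr() and pick() and the
// sample request below are this example's own.

// Vulnerable pattern, as in do.php line 251: the raw query value lands inside
// a double-quoted attribute, so a value starting with "> leaves the attribute
// and the tag, and whatever follows is parsed as markup.
function render_vulnerable(array $get): string
{
    $page = $get['page'] ?? '';
    return '<input type="hidden" name="page" id="page" value="' . $page . '" />';
}

// Escape for an HTML attribute value. ENT_QUOTES encodes both quote styles,
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning '',
// and the explicit charset keeps the encoder and the page in agreement.
function attr($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parameters that only choose among fixed options (exp, yahoo) should never be
// echoed at all: map them onto an allow-list and emit the canonical value.
function pick($value, array $allowed, string $default): string
{
    $value = is_string($value) ? $value : '';
    return in_array($value, $allowed, true) ? $value : $default;
}

function render_hardened(array $get): string
{
    // Assumed option set, mirroring the <option> values seen in do.php.
    $engines = ['baidu' => 'Baidu', 'yahoocn' => 'Yahoo China', 'yahoo' => 'Yahoo',
                'google' => 'Google', 'bing' => 'Bing', 'sogou' => 'Sogou'];
    $page  = attr($get['page'] ?? '');
    $title = attr($get['title'] ?? '');
    $exp   = pick($get['exp'] ?? '', array_keys($engines), 'google');
    $yahoo = pick($get['yahoo'] ?? '', ['0', '1'], '0');

    $html  = '<input type="hidden" name="page" id="page" value="' . $page . '" />' . "\n";
    $html .= '<input type="hidden" name="exp" id="exp" value="' . $exp . '" />' . "\n";
    $html .= '<input type="hidden" name="yahoo" id="yahoo" value="' . $yahoo . '" />' . "\n";
    $html .= '<input type="text" name="title" id="title" value="' . $title . '" />' . "\n";
    $html .= '<select name="engine">' . "\n";
    foreach ($engines as $key => $label) {
        // The comparison yields a fixed string, as in the original; the option
        // value and label come from the allow-list, never from the request.
        $selected = $exp === $key ? ' selected' : '';
        $html .= '  <option value="' . $key . '"' . $selected . '>' . $label . '</option>' . "\n";
    }
    $html .= '</select>' . "\n";
    $html .= 'Check Yahoo quote: <input type="checkbox"' . ($yahoo === '1' ? ' checked' : '') . ' />';
    return $html;
}

// Constructed request: the advisory's proof-of-concept payload in page, plus
// hostile values for the other reflected parameters. Using a plain array
// rather than $_GET lets this run from the CLI: php example.php
$request = [
    'page'  => '"><script>alert(1);</script><"',
    'exp'   => '"><img src=x onerror=alert(2)>',
    'yahoo' => '"><svg onload=alert(3)>',
    'title' => '" autofocus onfocus="alert(4)',
];

echo "vulnerable:\n", render_vulnerable($request), "\n\n";
echo "hardened:\n", render_hardened($request), "\n";
```

Running it shows the vulnerable form emitting value=""><script>alert(1);</script><"" />, while the hardened form keeps the payload inside the attribute as &quot;&gt;&lt;script&gt;... and collapses the bogus exp and yahoo values to their defaults. htmlspecialchars() is used rather than WordPress's esc_attr() because the proof of concept requests do.php directly under wp-content/plugins, where the WordPress helpers are not necessarily loaded; if the file is only ever included through WordPress, esc_attr() is the idiomatic equivalent.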