Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php
line 63
allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
...
if (strlen(check_str($_GET['redirect'])) > 0) {
echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
}
...