- Ticket has been submitted. The ticket number is SCR00994.

https://www.upoint.info/helpdesk/hd.client.php?action=view.ticket&ticket.number=SCR00994&ticket.passphrase=[HI]

While looking at some of your scripts, I noticed there are a few security issues:

UPOINT @1 Event Publisher
eventpublisher_admin.htm does not validate input to the Event, Description, Time, Website, 
and Public Remarks fields. This can be used for cross-site scripting (XSS) attacks.

eventpublisher_usersubmit.htm does not validate input to the Event, Description, Time, Website, 
and Public Remarks fields. This can be used for cross-site scripting (XSS) attacks.

A direct request to eventpublisher.txt will reveal the contents of private comments

--

UPOINT @1 Table Publisher
tablepublisher.cgi does not validate input to the Title of Table field, which can be used for XSS attacks.

Thanks