Product: Bes-mcmf

Vendor: http://bes.h6p.org/ (project dead)

Issue: Search Field XSS

Credit: security curmudgeon (jericho[at]attrition.org)