Originally Posted by Wildhoney
You've not filtered the inputs on your website and so I was able to easily inject JavaScript in there without too much effort at all. Try adding strip_tags like so:
PHP Code:
$myVar = strip_tags($_POST['myVar']);
Aw crap. I thought I'd covered that. Thanks for the heads up.
I've fixed it now.
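Added example, not part of the original posts: it runs the strip_tags() filter suggested above next to output-time encoding with htmlspecialchars() on a few constructed inputs, to show what each one leaves behind. The helper name html_encode and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-ins for what might arrive in $_POST['myVar'].
$samples = [
    'plain text'         => 'Hello world',
    'script element'     => '<script>alert(1)</script>Hi',
    'attribute breakout' => '" onmouseover="alert(1)',
    'text with < and >'  => 'score: 1<2 and 3>2',
];

foreach ($samples as $label => $raw) {
    $stripped = strip_tags($raw);   // the input filter suggested in the thread
    $encoded  = html_encode($raw);  // encoding applied at output time

    echo "== $label ==\n";
    echo "raw:        $raw\n";
    echo "strip_tags: $stripped\n";
    echo "encoded:    $encoded\n";

    // strip_tags() leaves quote characters alone, so a stripped value is
    // still unsafe to place inside value="..." without encoding.
    if (strpbrk($stripped, "\"'") !== false) {
        echo "note: quotes survive strip_tags(); encode before use in an attribute\n";
    }
    // strip_tags() does not validate HTML, so text that only looks like a
    // tag can be removed together with real markup.
    if ($stripped !== $raw) {
        echo "note: strip_tags() altered the submitted value\n";
    }
    echo "\n";
}

// Typical use: keep the submitted value, encode where it is written into HTML.
$myVar = $samples['attribute breakout'];
echo '<input type="text" name="myVar" value="' . html_encode($myVar) . '">' . "\n";
```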