[left]CoolPHP is vulnerable to cross-site scripting attacks. It is possible to construct a link containing arbitrary script code to a website running CoolPHP. When a user browses the link, the script code will be executed on the user's browser. This vulnerability occurs due to insufficient inspection of some user-supplied input. As a result of this deficiency an attacker may exploit the vulnerability by creating a specially crafted URL that includes malicious HTML code as URI parameters for index.php , Enjoy!