iFlance
Homepage:
http://www.ifusionservices.co.uk/

Description:
iFlance is a powerful freelance script that allows anyone to run their very own professional, profitable freelancing website.

Affected files:
acc_verify.php
project.php
all input boxes

XSS by URL injection in acc_verify.php

We put "> before the script tags and <" after them to close the input box tag in the form, so the injected tags are rendered as markup instead of as the field's value.

http://www.example.com/account/acc_verify.php?vk="><"&verify=verify

Another XSS attack is possible if you put this in the login box as username and pw:



project.php is vulnerable too due to the input boxes on it for posting a new project.
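
The fix for the vk parameter and for the other input boxes is the same: encode the value for the HTML attribute context when it is written back into the form. The following is an added example, not iFlance source code; the function names, the field markup and the assumed key format are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not taken from iFlance.

// Vulnerable pattern: the request value is written into value="..."
// unchanged, so a leading "> ends the attribute and then the input tag.
function render_vk_field_unsafe(string $vk): string
{
    return '<input type="text" name="vk" value="' . $vk . '">';
}

// Encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same markup, but the value can no longer leave
// the attribute because " < > & and ' are emitted as entities.
function render_vk_field_safe(string $vk): string
{
    return '<input type="text" name="vk" value="' . h($vk) . '">';
}

// Assumption: a verification key is 16 to 64 alphanumeric characters.
// Rejecting anything else is defence in depth, not a substitute for
// output encoding.
function is_plausible_vk(string $vk): bool
{
    return preg_match('/\A[A-Za-z0-9]{16,64}\z/', $vk) === 1;
}

// Constructed sample: harmless markup wrapped in "> and <" the way the
// advisory describes.
$sample = '"><b>marker</b><"';

echo render_vk_field_unsafe($sample), PHP_EOL; // markup escapes the attribute
echo render_vk_field_safe($sample), PHP_EOL;   // markup stays inside value=""
var_dump(is_plausible_vk($sample));            // input validation result
```

Every place that echoes request data into a form field needs the same encoding, including the login form and the new-project form on project.php.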