Achievo atksearch Cross Site Scripting Exploit

A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input.
Platform: 
Vulnerabilty ID: 
CVE-2009-2733
Product Version: 
9.0
Released Date: 
Monday, December 7, 2009 - 00:00