CVE-2006-7061
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
Date published : 2007-02-23
http://archives.neohapsis.com/archives/bugtraq/2006-06/0067.html