CVE-2008-6571
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
Date published : 2009-03-31
http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup