CVE-2009-3601
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
Date published : 2009-10-08
http://packetstormsecurity.org/0907-exploits/ultimatepoll-xss.txt