Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/42882
http://www.slashcode.com/article.pl?sid=08/01/07/2314232
http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4
http://www.securitytracker.com/id?1020207
http://www.securityfocus.com/bid/29548
http://www.debian.org/security/2008/dsa-1633