The helpdesk utility called usd250 suffers from a cross site scripting vulnerability.
68208b8694df5e6a681f5078da14221c75ded411ff2a9c44084035c3577c90c5
http://www.oneorzero.com/
Within the helpdesk utility usd250, an XSS in the comments field is possible.
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices.
The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.