http://locazo.net:81/applications/ SQL Injection Vulnerability found in "searchdb.asp" in versions 1.03c and prior. Please update to 1.04d as soon as possible or re-download the entire package. Note: no mention of XSS. Source code inspection suggests a possibility of an XSS "fix" but not proof. - Steve