CVE-2014-2965

Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.