Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2768)