JGS-Portal Multiple XSS and SQL injection Vulnerabilities

Summary
The remote host is running the JGS-Portal, a web portal written in PHP. The remote version of this software contains an input validation flaw leading multiple SQL injection and XSS vulnerabilities. An attacker may exploit these flaws to execute arbirtrary SQL commands against the remote database and to cause arbitrary code execution for third party users.
Solution
Unknown at this time