It was discovered that phpGedView, an application to provide online access to genealogical data, performed insufficient input sanitising on some parameters, making it vulnerable to cross site scripting.