I got an email saying that there are vulnerabilities with the script. I am running the latest version and don't believe their claim. Just wanted you to see their claim and to let me know if it is an issue. I am including the person's information if you wish to ask questions of them. Thanks for a great product and I look forward to your answer.
Email----
As we tested your site, it turns out that there are fields in your web site pages from which some can execute scripts.
These are the steps we took to discover these vulnerabilities:
From the Contact Us page, we manipulated the source code to show a hidden input field (name = required, value = email). In that field, we inserted a harmless script: alert(document.domain)
We then clicked submit and the script was executed (you should see a small alert window with the domain name).
We found that issue in the info request page as well.
What you need to do is to make sure that all the input fields, hidden or not, are sanitized before being executed. What that means is that you replace characters, such as < > " ' and - with their hex representation, or remove them altogether so that there is no possibility of a malicious script being executed that can compromise your customers' private information or their system.
Once you think you have sanitized the website input fields, run another scan. If all the fields are sanitized, you should get a passing scan.
Let us know if you have any further questions.
--
Daniel Rodriguez
SecurityMetrics
Technical Support
801.705.5700 Support
801.724.9600 Main
801.724.9700 fax
0207.993.8031 UK Support
www.securitymetrics.com
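The issue described in the email is reflected cross-site scripting: a hidden field value is echoed back into the page unencoded. The following is an added example (not code from this thread, from SecurityMetrics, or from formmail.php, and written in Python rather than PHP) showing the vulnerable reflection beside an output-encoded version and an allowlist check; the field names, sample value and function names are assumptions.

```python
import html

# Constructed sample input: a tampered value for the hidden "required"
# field, of the kind the email describes being reflected back to the browser.
TAMPERED_REQUIRED = '<script>alert(document.domain)</script>'

# Assumed set of fields this form actually has (hypothetical).
KNOWN_FIELDS = {"email", "name", "message"}


def render_error_unescaped(field_value: str) -> str:
    """Vulnerable pattern: the submitted value is dropped straight into HTML,
    so a browser parses any tags it contains."""
    return f"<p>The field {field_value} is required.</p>"


def render_error_escaped(field_value: str) -> str:
    """Hardened: html.escape turns & < > " ' into entities (the quotes as
    hex character references), so the value is displayed as text."""
    return f"<p>The field {html.escape(field_value, quote=True)} is required.</p>"


def render_error_allowlisted(field_value: str) -> str:
    """Stricter: a hidden 'required' field should only name fields the form
    really has; anything else is replaced before encoding."""
    label = field_value if field_value in KNOWN_FIELDS else "unknown"
    return render_error_escaped(label)


def reflects_raw_markup(rendered: str, submitted: str) -> bool:
    """Check a scanner would perform: is the submitted string present
    verbatim in the response with its angle brackets intact?"""
    return submitted in rendered and "<" in submitted


if __name__ == "__main__":
    for render in (render_error_unescaped, render_error_escaped, render_error_allowlisted):
        out = render(TAMPERED_REQUIRED)
        print(f"{render.__name__}: reflects markup={reflects_raw_markup(out, TAMPERED_REQUIRED)}")
        print("  ", out)
```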
Thank you for the information. I've emailed the company and am awaiting a reply. In the meantime could you email me the address of your form and formmail.php please. The email is my name without the M at boaddrink dot com.
-Andrew M Riley