DT Centrepiece , prior to version 4.1, contains flaws that allow remote cross site scripting and SQL injection attacks.  
The XSS flaw exists because the application does not validate the "searchFor" variable upon submission to the search.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
The SQL injection issue exists because the search.asp script is not properly sanitizing user-supplied input to the "searchFor" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

BID: 29403  

OSVDB: 45652 & 45653  

SA: 30382

XF: 42663  

Vendor Solution: Upgrade to version 4.1