HIO-2008-0616 Lyris ListManager XSS

Lyris ListManager contains a flaw that allows remote cross-site scripting.
This flaw exists because the application does not validate the "words" variable upon submission to read/search/results. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
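A log check for this flaw, as an added example that is not part of the advisory or of the vendor's code: it flags requests to read/search/results whose "words" value decodes to HTML markup, including double-encoded values. The combined access-log format, the leading slash on the path, the markup pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter named in the advisory (leading slash assumed).
SEARCH_PATH = "/read/search/results"
PARAM = "words"

# Angle brackets, or a quote followed by an event-handler attribute, are what
# a value needs to leave plain-text context; ordinary search terms lack them.
MARKUP = re.compile(r"[<>]|[\"']\s*on\w+\s*=", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jun/2008:10:00:01 +0000] "GET /read/search/results?words=release+notes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jun/2008:10:00:07 +0000] "GET /read/search/results?words=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [16/Jun/2008:10:00:09 +0000] "GET /read/search/results?words=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5190',
    '203.0.113.7 - - [16/Jun/2008:10:00:12 +0000] "GET /read/messages?words=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_words(log_line):
    """Return decoded 'words' values in this log line that contain markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.rstrip("/").endswith(SEARCH_PATH):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in map(fully_decode, values) if MARKUP.search(v)]

def scan(lines):
    """Return (line_number, value) pairs for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_words(line)]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: words={value!r}")
```

A hit only shows that markup was submitted in "words"; whether it was reflected unencoded still has to be confirmed against the response.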

References:

BID: 29761

CVE: Pending 

FrSIRT Advisory ID: FrSIRT/ADV-2008-1859

Nessus: 33219  

OSVDB: 46150

SA: 30662

SecurityTracker Alert ID: 1020323  

Vendor Solution:

 

 