BEMO Album - Reflected cross-site scripting (XSS)

 643 | function tt_render_list_page()
 644 | {
 645 |
 646 | //Create an instance of our package class...
 647 | $testListTable = new Image_To_Album_Table();
 648 | //Fetch, prepare, sort, and filter our data...
 649 | $testListTable->prepare_items();
 650 |
 651 | ?>
 652 | <div class=""wrap"">
 653 |
 654 | <div id=""icon-users"" class=""icon32""><br/></div>
 655 |
 656 | <!-- Forms are NOT created automatically, so you need to wrap the table in one to use features like bulk actions
 657 | <form id=""pictures-filter"" method=""get"">
 658 | <!-- For plugins, we also need to ensure that the form posts back to our current page -->
> 659 | <input type=""hidden"" name=""page"" value=""<?php echo $_REQUEST['page'] ?>"" />
 660 | <!-- Now we can render the completed list table -->
 661 | <?php $testListTable->display() ?>
 662 | </form>
 663 |
 664 | </div>
  665 |     <?php
  666 | }
      ^ Col 0