SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").