https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak