Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.