In February 2002 a vulnerability was reported that allowed malicious script to read data that it should not have access to, the XML File Reading via Redirect vulnerability. In August 2002 this was patched along with 5 other security holes.

In October 2004 Greymagic site reported that the vulberability has returned.