elefantcms
  vendor: http://www.elefantcms.com
  Version: Latest stable release: 1.0.2
  Author: Karthik R (3psil0nLambDa)
  Email:  Karthik.cupid@gmail.com
  My blog: www.epsilonlambda.wordpress.com
  Google dork: Powered by Elefant CMS

------------------------------------------------------------------------------------------------------------------------------------------------------------

Description about the CMS

Elefant is a content management system written in PHP that includes a modern PHP framework for web developers. Elefant is easy-to-use and straight-forward for all levels of users. It is also secure, fast, well-documented, and well-tested.

Elefant's admin tools are minimalist without sacrificing flexibility. We wanted a system that even our moms could use with little or no help, but that power users will enjoy using too. So we made hard choices to keep a lot of needless complexity out.

Instead, we focus on providing a solid editing experience out-of-the-box, well-considered default settings, and just the right set of features to satisfy 90% of the sites we encounter, as opposed to sacrificing simplicity in order to solve every possible edge case.

------------------------------------------------------------------------------------------------------------------------------------------------------------
* PERSISTENT XSS VULNERABILITY :

In the admin panel, input the TITLE and BODY with the following code, leading to Persistent XSS exploit in the CMS

Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

------------------------------------------------------------------------------------------------------------------------------------------------------------