# Exploit Title: Croogo Cms Multiple Cross Site Scripting Vulnerabilities
# Date: 06/04/2013
# Author: Nikhalesh Singh Bhadoria
# Twitter: @nikhaleshsingh
# Download Link: http://www.croogo.org/
# Versions Affected: Croogo 1.3.5
# Category: XSS
------------------------------------------------------------------------

Description:
Input in the admin area's contacts options, and in many other places, is not sanitized. This results in stored cross-site scripting.

POC:
http://www.youtube.com/watch?v=gyt4-0ekalc&feature=youtu.be

Code :-
########################################################################
">
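
The fix for this class of bug is to encode stored values at output time. The sketch below is an added example, not Croogo source and not the author's PoC: it renders a stored contact field into a form attribute without and with encoding. The field name, the record and the harmless marker value are constructed, and rendering into an `<input>` attribute is an assumption.

```php
<?php
// Added example (not Croogo code). Field names and the stored value are
// constructed for illustration; the marker markup is harmless.

// A contact record as it might be read back after markup was saved in it.
$contact = [
    'title' => '"><b id="injected">x</b>',
    'email' => 'owner@example.test',
];

// Vulnerable pattern: the stored value is written into an attribute as-is,
// so a quote in the data ends the attribute and the rest is parsed as HTML.
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML context when the value is output.
// ENT_QUOTES encodes both quote styles, so the value stays inside the attribute.
function renderFieldSafe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Regression check helper: count element start tags in the rendered markup.
function countStartTags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

$unsafe = renderFieldUnsafe('data[Contact][title]', $contact['title']);
$safe   = renderFieldSafe('data[Contact][title]', $contact['title']);

printf("unsafe: %s\n  start tags: %d\n", $unsafe, countStartTags($unsafe));
printf("safe:   %s\n  start tags: %d\n", $safe, countStartTags($safe));

// A correctly encoded field contains exactly one element: the input itself.
if (countStartTags($safe) !== 1) {
    fwrite(STDERR, "encoding regression: extra element in rendered field\n");
    exit(1);
}
```

In a CakePHP view the same encoding is available through the framework's `h()` helper, which wraps `htmlspecialchars()`.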