AdaptCMS 3.0.1 Cross Site Scripting Vulnerability

Author    : syst3m_f4ult
Homepage  : http://www.adaptcms.com/
Vendor    : Adapt CMS
Version   : 3.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date      : 2013-10-11

-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------

The following page is vulnerable to XSS (Method: POST):

http://localhost/search [data[Search][q] parameter]

Insert the following code inside the search box and hit Enter

Demo:
http://www.solitudeisbliss.com/search/
http://www.insanevisions.com/search/
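
One way to check, on your own installation, whether the search page still reflects the data[Search][q] value without HTML encoding. This is an added example, not part of the original advisory or of AdaptCMS; the marker string, function names and sample responses are constructed, and only the parameter name and the POST method come from the advisory.

```python
import re
from urllib.parse import urlencode

FIELD = "data[Search][q]"   # POST parameter named in the advisory
TOKEN = "xssprobe7f3a"      # constructed, inert marker (assumption)
METAS = "<>\"'&"            # HTML metacharacters appended to the marker

# Encodings an HTML escaper may emit for each metacharacter.
ENTITY = {
    "<": ("&lt;", "&#60;", "&#x3c;"),
    ">": ("&gt;", "&#62;", "&#x3e;"),
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#039;", "&#39;", "&#x27;", "&apos;"),
    "&": ("&amp;", "&#38;", "&#x26;"),
}

def build_search_body(term=TOKEN + METAS):
    """Form-encoded body for a POST to /search carrying the marker."""
    return urlencode({FIELD: term})

def unescaped_chars(page, token=TOKEN, metas=METAS):
    """Metacharacters echoed after the marker without HTML encoding.

    Returns None when the marker is not reflected at all.
    """
    starts = [m.end() for m in re.finditer(re.escape(token), page)]
    if not starts:
        return None
    raw = set()
    for pos in starts:
        for ch in metas:
            tail = page[pos:pos + 8].lower()
            ent = next((e for e in ENTITY[ch] if tail.startswith(e)), None)
            if ent:
                pos += len(ent)          # properly encoded
            elif page.startswith(ch, pos):
                raw.add(ch)              # echoed verbatim
                pos += 1
            else:
                break                    # stripped or truncated here
    return raw

# Constructed sample responses (not captured from any site).
UNFIXED = "<h2>Results for xssprobe7f3a<>\"'&</h2>"
FIXED = "<h2>Results for xssprobe7f3a&lt;&gt;&quot;&#039;&amp;</h2>"
NO_QUOTES = "<input value='xssprobe7f3a&lt;&gt;&quot;'&amp;'>"
```

A non-empty set for the search results page means that character is still written to the response without output encoding; the NO_QUOTES sample shows an escaper that leaves single quotes alone, which matters when the value lands in a single-quoted attribute.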