------------------------------------------------------------------------
Software................PyroCMS 1.1.0
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://pyrocms.com/
Vendor Contact Date.....3/11/2011
Disclosure Date.........3/25/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--Description--

A persistent cross-site scripting vulnerability in PyroCMS 1.1.0 can
be exploited to execute arbitrary JavaScript.


--Exploit--

The website field of the blog comment form is vulnerable to persistent
cross-site scripting. Because the length limits are not enforced
server side they can be bypassed by manipulating the form.


--PoC--

"style="position:absolute;top:0;left:0;width:9999px;height:200px;"onmouseover="alert(0)