# Exploit Title: Family Connections 2.7.2 Multiple XSS
# Date: 01/14/12
# Author: G13
# CVE: 2012-0699
# Software Link: https://sourceforge.net/projects/fam-connections/
# Version: 2.7.2
# Category: webapps (php)
# Google dork: "powered by Family Connections"
##### Vulnerability #####
Family Connections 2.7.2 has multiple XSS vulnerabilities. These
exsist in the prayers and news sections.
For familynews.php the 'post' variable is vulnerable.
For prays.php the 'for' variable is vulnerable.
##### Vendor Notification #####
01/14/12 - Vendor Notified
##### Affected Variables #####
post=[XSS]
for=[XSS]
##### Exploit #####
The script can be added right in the page, there is no filtering of
input.
