ParticleSoft Wiki v1.0.2 Effected files: input boxes on editing pages: XSS Proof of concept: We notice br tags are allowed, so by using a STYLE attribute using a comment to break up expression we can create a XSS vuln: Put the following in when editing a page: <br IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> Thanks to Rsnake & Roman Ivanov for the above xss example code.