------------------------------------------------------------------------ Software................Easy File Sharing Web Server Version 5.8 Vulnerability...........Persistent Cross-site Scripting Threat Level............Moderate (2/5) Download................http://www.sharing-file.com/ Disclosure Date.........4/6/2011 Tested On...............Windows Vista ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------ --Description-- A persistent cross-site scripting vulnerability in Easy File Sharing Web Server Version 5.8 can be exploited to execute arbitrary JavaScript. --Exploit-- Enter markup into the title or message fields of a forum message. --PoC-- <script>alert(0)</script>