Enano CMS 1.1.8pl1 Cross Site Scripting

Posted on 27 February 2015

# Exploit Title: EnanoCMS 1.1.8pl1 XSS Vulnerability # Google Dork: "Website engine powered by Enano" # Date: 24-2-2015 # Exploit Author: Dennis Veninga # Vendor Homepage: http://enanocms.org # Version: 1.1.8pl1 # Tested on: Firefox 36 & Chrome 38 / W8.1-x64 XSS Vulnerability in comments: http://{target}/enanocms/index.php/Main_Page?do=comments