The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users
conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable
to XSS.
It does not filter script tags and simple scripting like <script>alert(βXSSβ)</script> will work. Nearly all
of the systems input boxes is open for scripting tags.
Furthermore itβs open for directory browsing ( http://<site>/images ).
The developers has been notified, and working on patching the system.
Please credit to: Preben NylΓΈkken