Advisory: ContentLion Alpha 1.3 XSS vulnerability

Advisory ID: SSCHADV2012-004
Author: Stefan Schurtz
Affected Software: Successfully tested on ContentLion Alpha 1.3
Vendor URL: http://www.contentlion.org/
Vendor Status: informed

==========================
Vulnerability Description
==========================

ContentLion Alpha 1.3 is prone to an XSS vulnerability in the login page

==================
PoC-Exploit
==================

http://[target]/contentlion-alpha-1-3/login.html?'"

// vuln code in system/classes/login.php

if($_SESSION['user']->isGuest()){ ?>
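The advisory stops before the line in system/classes/login.php that actually reflects the query string, so the following is an added illustration and not ContentLion's code. It assumes (as a hypothetical sink) a login template that writes the current request URI into the form's action attribute without escaping, which is one common way a payload such as ?'" ends up breaking out of an attribute. The hardened variant passes the value through htmlspecialchars() with ENT_QUOTES so both quote characters are emitted as entity references; the function names and the sample URI are constructed for this example.

```php
<?php
// Added example, not ContentLion code. The real sink in login.php is not
// shown in the advisory; this assumes the request URI is echoed into the
// form's action attribute.

// Vulnerable pattern: the raw request URI lands inside a double-quoted
// attribute, so a " in the query string terminates the attribute early.
function renderLoginFormVulnerable(string $requestUri): string
{
    return '<form method="post" action="' . $requestUri . '">'
         . '<input name="user"><input name="pass" type="password">'
         . '</form>';
}

// Hardened pattern: escape for an HTML attribute context. ENT_QUOTES covers
// both ' and "; ENT_SUBSTITUTE keeps output on invalid UTF-8 instead of
// returning an empty string.
function renderLoginFormHardened(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">'
         . '<input name="user"><input name="pass" type="password">'
         . '</form>';
}

// Constructed input mirroring the shape of the advisory's PoC URL.
$uri = "/contentlion-alpha-1-3/login.html?'\"";

echo renderLoginFormVulnerable($uri), PHP_EOL;
echo renderLoginFormHardened($uri), PHP_EOL;
```

Running the script side by side makes the difference visible: the first form's action attribute is closed by the injected double quote, while in the second the quotes survive only as &#039; and &quot; and the attribute boundary is preserved. Escaping at the output point, in the context where the value is written, is the fix regardless of which server variable the template reads.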