JoomlaXi Cross Site Scripting

`  
1.JoomlaXi persistent XSS vulnerabilty  
vendor: www.joomlaxi.com  
Author: 3psil0nLambDa a.k.a Karthik  
Email: [email protected]  
My blog: epsilonlambda.co.cc  
Google dork: © 2008-2010 JoomlaXi.  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Description about the CMS  
  
JoomlaXi enrich web applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web.We are committed to develop most demanded and required applications in the field of Open Source. JoomlaXi was founded for breaking new ground and giving best solution to this world.  
  
JoomlaXi works in a specific approach as:  
  
Research the demand of Public in the field of Open Source;  
Provide them user friendly solutions to reach among those demands;  
Develop Software Products with the best assurance of services and support.  
  
JoomlaXi, A team since 2009, breaking its own limits every time has a large list of satisfied customers. Team has young, dynamic & talented team that drives the company passionately towards its goal.  
  
  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
* Persistent XSS vulnerability  
  
Event module in the front end, persistent XSS vulnerability  
  
Exploit: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>  
  
Example: Front end demo-> markmessier->events-> type the above tags in the input fields and save the event-> View profile   
  
you ll see a pop up ;) \m/  
  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Thanks to side-effects for his valuable guidance and greets to taashu for her love and support.  
`