Tender Knowledge Base Cross Site Scripting

`# Exploit Title: Tender Knowledge Base Cross Site Scripting  
# Date: 3.03.2012  
# Author: Sony  
# Software Link: http://tenderapp.com/  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/03/tender-knowledge-base-cross-site.html  
..................................................................  
  
Well, we have xss in the Tender Knowledge --> forgot_password.  
  
Demo:  
  
http://support.cloudflare.com/forgot_password  
  
http://3.bp.blogspot.com/-j7dJEjPwjhY/T1FzLD7PjvI/AAAAAAAAArk/lWTeCk3i9eA/s1600/cloudflare.JPG  
  
https://help.tenderapp.com/forgot_password  
  
http://4.bp.blogspot.com/-2YAp4-Ps-tc/T1FzR5ltHcI/AAAAAAAAArw/bNQoAEGNYMs/s1600/helptender.JPG  
`