Manx cms.xml 1.0.1 (ajax_get_file_listing.php) Multiple XSS Vulnerabilities

Title: Manx cms.xml 1.0.1 (ajax_get_file_listing.php) Multiple XSS Vulnerabilities
Advisory ID: ZSL-2011-5058
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 28.11.2011
Summary
Manx is a Content Management System that uses xml text files to store the page contents, instead of a mysql database.
Description
Input thru the GET parameters 'limit' and 'search_folder' in 'ajax_get_file_listing.php' are not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.
Vendor
Paul Jova - http://manx.jovascript.com
Affected Version
1.0.1
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8
Vendor Status
[03.12.2011] Vendor releases patch (http://manx.jovascript.com/downloads.php).
PoC
manx_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/107353
[2] http://www.securityfocus.com/bid/50839
[3] http://secunia.com/advisories/47002/
[4] http://xforce.iss.net/xforce/xfdb/71516
[5] http://osvdb.org/show/osvdb/77403
[6] http://osvdb.org/show/osvdb/77404
[7] http://osvdb.org/show/osvdb/77405
Changelog
[28.11.2011] - Initial release
[29.11.2011] - Added reference [1] and [2]
[30.11.2011] - Added reference [3]
[01.12.2011] - Added reference [4], [5], [6] and [7]
[03.12.2011] - Added vendor status
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk