sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software Security Advisory: XSS Vunerabilities in Multiple CityPost Software Severity: Medium Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor and Automated Link Exchange Vendor: Allen Kim Vendor Website: http://tech.citypost.ca/ Proof of Concept Exploits: Simple PHP Upload - XSS http://localhost/simple-upload-53.php?message=[XSS] Simple Image Editor - XSS's in 5 seperate places http://localhost/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] Automated Link Exchange - XSS http://localhost/lnkx/message.php?msg=[XSS] snkenjoi.com & zone-h.org snkenjoi@gmail.com -- snkenjoi.com