From: Psiczn Psiczn
Date: Mon, 4 Feb 2008 10:54:24 +0000
Subject: [OSVDB Mods] Bugs - Advisories

[ ADVISORY NUM. 3 ]*

Information
--------------------------------------------------------
[-] Script: Gelato CMS
[-] Version: 0.95
[-] Download: http://gelatocms.googlecode.com/files/gelato0-95.zip

Bugs
-------------------------------------------------------
[-] Author: Psiczn
[-] File : Comments.php
[-] HTML Injection

Exploit: We can inject malicious code inside the comments; this is very dangerous because attackers can make a redirection, grab the cookies and more.
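
Added example (not part of the original advisory and not Gelato CMS code): the advisory does not show Comments.php, so this is a hypothetical comment renderer illustrating the usual fix for HTML injection in comments, which is to encode every stored field on output and allow only http/https author links. The function names esc, safe_url and render_comment and the comment field names are assumptions.

```php
<?php
// Added example: hypothetical comment renderer, not Gelato CMS code.

/** Encode untrusted text for an HTML text node or a quoted attribute. */
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is absolute http(s); otherwise null. */
function safe_url(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // rejects javascript:, data:, relative and malformed URLs
    }
    return $url;
}

/** Render one stored comment; every field is treated as attacker-controlled. */
function render_comment(array $c): string {
    $name = esc($c['author'] ?? '');
    $url  = safe_url($c['url'] ?? '');
    $who  = $url !== null
        ? '<a rel="nofollow ugc" href="' . esc($url) . '">' . $name . '</a>'
        : $name;
    // Encode first, then insert <br> tags, so the only markup is our own.
    $body = nl2br(esc($c['body'] ?? ''));
    return "<div class=\"comment\"><cite>$who</cite><p>$body</p></div>\n";
}

// Constructed sample input (not taken from the advisory).
$comments = [
    ['author' => 'alice', 'url' => 'https://example.org/', 'body' => "Nice post.\nThanks!"],
    ['author' => '<img src=x onerror=alert(1)>', 'url' => 'javascript:alert(1)',
     'body' => '<script>alert(document.cookie)</script>'],
];

foreach ($comments as $c) {
    echo render_comment($c); // the second comment is emitted as inert text
}
```

Marking the session cookie HttpOnly additionally keeps it out of reach of script if an encoding gap is ever missed.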