source: https://www.securityfocus.com/bid/23999/info
 
Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
 
Jetbox CMS 2.1 is vulnerable. 

http://www.example.com/jetbox/index.php/view/supplynews/?companyname=[xss] 
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=[xss] 
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss] http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=[xss] http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=[xss] 
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&require[xss] 
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=[xss] 
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=1&text=1&title=[xss]