Unfixed XSS vulnerability at www.hossohbet.com

2007-02-27T00:00:00
ID XSSED:1254
Type xssed
Reporter Red Eye
Modified 2007-02-03T00:00:00

Description

Security researcher Red Eye, has submitted on 27/02/2007 a cross-site-scripting (XSS) vulnerability affecting www.hossohbet.com, which at the time of submission ranked 110112 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/03/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.hossohbet.com/mkportal/include/pmpopup.php?u1=www.redeye.org&m1=<script>alert(%2%200document.cookie)</script>&m2=<h1>Hacked%20</h1>&m3=By&m4=<h1>Red%20Eye//The_RedEye@Hotmail.De</h1