Unfixed XSS vulnerability at www.site333.com

2007-10-29T00:00:00
ID XSSED:24239
Type xssed
Reporter Space-cowboY
Modified 2007-04-11T00:00:00

Description

Security researcher Space-cowboY, has submitted on 29/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.site333.com, which at the time of submission ranked 5884088 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.site333.com/celticsounds/store/comersus_message.asp?message=<IMG%20SRC="%68%74%74%70%3A%2F%2F%77%77%77%2E%66%72%65%65%77%65%62%73%2E%63%6F%6D%2F%66%69%32%65%62%75%67%2F%62%69%6F%68%61%7A%61%72%64%25%32%44%70%69%72%61%74%65%25%32%44%73%6B%75%6C%6C%25%32%44%74%61%74%74%6F%6F%25%35%46%53%43%25%35%46%68%61%63%6B%2E%50%4E%47">