Unfixed XSS vulnerability at www.massbankers.org

ID XSSED:25690
Type xssed
Reporter t0fx
Modified 2007-11-21T00:00:00


Security researcher t0fx, has submitted on 12/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.massbankers.org, which at the time of submission ranked 0 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://www.massbankers.org/secure/login.asp?Action=>"><ScRiPt%20%0a%0d>alert(2014466294)%3B</ScRiPt>&username=email%20address&dummypassword=password&password=111-222-1933email@address.com&login=OK