Fixed XSS vulnerability at www.orientaltrading.com

2007-11-28T00:00:00
ID XSSED:26740
Type xssed
Reporter tenest
Modified 2007-11-29T00:00:00

Description

On 28/11/2007, security researcher tenest submitted a cross-site scripting (XSS) vulnerability affecting www.orientaltrading.com, which at the time of submission ranked 6618 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 29/11/2007. It is currently fixed.

Vulnerable URL: http://www.orientaltrading.com/application?namespace=search&origin=searchMain.jsp&event=button.search&Ntt=%3Cimg%20src=foo.png%20onerror=alert('xssed')%20/%3E&x=12&y=20&Ntk=all&Ntx=mode%2Bmatchallpartial&N=0