Unfixed XSS vulnerability at iol-1.directinsite.com

2008-01-29T00:00:00
ID XSSED:31729
Type xssed
Reporter Uber0n
Modified 2008-03-15T00:00:00

Description

Security researcher Uber0n submitted a cross-site scripting (XSS) vulnerability affecting iol-1.directinsite.com on 29/01/2008; at the time of submission the site ranked 5551518 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 15/03/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://iol-1.directinsite.com/IBMIOLUS/EBPP/Company/IBMIOL/index.cfm?fuseaction=loginform&company=IBMIOL&language=en-us&maintenance=false&logoutReason=4&login_user=%22%3E'%3E%3CScRiPt%3Ealert(123)%3C/sCrIpT%3E%22'&CFID=8709108&CFTOKEN=d7480b9b-709d-40a7-9600-f57f84570054