Unfixed XSS vulnerability at no-evil.net

2008-05-26T00:00:00
ID XSSED:40021
Type xssed
Reporter Genosite
Modified 2008-05-27T00:00:00

Description

Security researcher Genosite, has submitted on 26/05/2008 a cross-site-scripting (XSS) vulnerability affecting no-evil.net, which at the time of submission ranked 622507 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 27/05/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://no-evil.net/MapQuest/FindRetailers/NearYou.asp?pageAction=&hdnLatitude=&hdnLongitude=&hdnType=ByLocation&txtAddress=&txtCity=&selStateProvince=&txtDistance=5&rdoUnit=Mi&txtDistance2=5&txtPostalCode=%3Cscript%3Ealert%28%27genosite%27%29%3C/script%3E