Unfixed XSS vulnerability at www.envirolink.org

2008-06-18T00:00:00
ID XSSED:42443
Type xssed
Reporter xylitol
Modified 2008-06-21T00:00:00

Description

Security researcher xylitol, has submitted on 18/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.envirolink.org, which at the time of submission ranked 146382 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/06/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.envirolink.org/newsearch.html?searchfor=%27%22%3E%3C%2F%74%69%74%6C%65%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%33%33%37%29%3C%2F%73%63%72%69%70%74%3E%3E%3C%6D%61%72%71%75%65%65%3E%3C%68%31%3E%58%53%53%20%62%79%20%58%59%4C%49%54%4F%4C%3C%2F%68%31%3E%3C%2F%6D%61%72%71%75%65%65%3E&x=0&y=0