Unfixed XSS vulnerability at search.bu.edu

ID XSSED:46523
Type xssed
Reporter ib00sti
Modified 2008-07-29T00:00:00


Security researcher ib00sti, has submitted on 28/07/2008 a cross-site-scripting (XSS) vulnerability affecting search.bu.edu, which at the time of submission ranked 5350 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 29/07/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://search.bu.edu/search?q=%5C%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Submit=Search&site=default_collection&output=xml_no_dtd&client=default_frontend&sort=date%3AD%3AL%3Ad1&proxystylesheet=default_frontend&oe=UTF-8