Unfixed XSS vulnerability at www.e-bill.post.ye

2008-12-08T00:00:00
ID XSSED:47383
Type xssed
Reporter S0m.Ph
Modified 2008-08-15T00:00:00

Description

Security researcher S0m.Ph submitted a cross-site scripting (XSS) vulnerability affecting www.e-bill.post.ye on 12/08/2008. At the time of submission, the site ranked 206468 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 15/08/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://www.e-bill.post.ye/cgi-bin/test/transact.exe?id_tr=00000000000000017086&carte_eryal=oui&nom_client=You%20can%20see%20it%20after%20payment&nom_commercant=Public%20Telecommunication%20Corp&objet=Telecom%20e-billing&pathimg=&url=%20--%3E%20%3Cscript%3Ealert('S0m.Ph')%3C/script%3Es0m.ph