Unfixed XSS vulnerability at www.boats.com

ID XSSED:47664
Type xssed
Reporter mckt
Modified 2008-08-16T00:00:00


Security researcher mckt, has submitted on 16/08/2008 a cross-site-scripting (XSS) vulnerability affecting www.boats.com, which at the time of submission ranked 27077 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 16/08/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.boats.com/boats/search/boats_search.html?sfm=false&slim=quick&sm=3&bn=searchbar&Ntk=boatsEN&luom=126&currencyid=100&Ntt=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E