Unfixed XSS vulnerability at demo.glype.com

2008-11-20T00:00:00
ID XSSED:54788
Type xssed
Reporter PaPPy
Modified 2009-09-19T00:00:00

Description

Security researcher PaPPy, has submitted on 20/11/2008 a cross-site-scripting (XSS) vulnerability affecting demo.glype.com, which at the time of submission ranked 50736 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 19/09/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://demo.glype.com/browse.php?u=http%253A//www.google.com/search%253F%2526hl%253Den%2526q%253D%2522%253E%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253B%253C/script%253E%2526btnG%253DGoogle%2520Search%2526b%253D4