Unfixed XSS vulnerability at zakon.nau.ua

2008-06-12T00:00:00
ID XSSED:55297
Type xssed
Reporter Mystick
Modified 2009-01-30T00:00:00

Description

Security researcher Mystick, has submitted on 06/12/2008 a cross-site-scripting (XSS) vulnerability affecting zakon.nau.ua, which at the time of submission ranked 114164 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 30/01/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://zakon.nau.ua/?uid=1084.1.90&title=%D1%CB%CE%C2%CD%C8%CA%20%C7%C0%CA%CE%CD%CE%C4%C0%C2%D7%C8%D5%20%D2%C5%D0%CC%B2%CD%B2%C2'"></title><script>alert(1337)</script>'"><marquee><h1>Mystick</h1></marquee>