Unfixed XSS vulnerability at www.hit.ac.il

2008-12-30T00:00:00
ID XSSED:56072
Type xssed
Reporter k a n u r
Modified 2009-06-30T00:00:00

Description

Security researcher k a n u r, has submitted on 30/12/2008 a cross-site-scripting (XSS) vulnerability affecting www.hit.ac.il, which at the time of submission ranked 611384 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 30/06/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.hit.ac.il/icsweb/search.asp?all=1&chapter=search&chapter=events&chapter=research&chapter=staff&chapter=students&chapter=units&chapter=registration&chapter=categories&chapter=formgeneratorAdmin&chapter=online&chapter=extra&chapter=library&chapter=alumni&chapter=relations&chapter=about&str=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E