Unfixed XSS vulnerability at www.pittsburghlive.com

ID XSSED:56518
Type xssed
Reporter PaPPy
Modified 2010-10-15T00:00:00


Security researcher PaPPy, has submitted on 08/01/2009 a cross-site-scripting (XSS) vulnerability affecting www.pittsburghlive.com, which at the time of submission ranked 14302 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 15/10/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.pittsburghlive.com/x/search/?searchwords="><script>alert(1);</script>&fields=full&paper=all&search_range=quick&quick=7&amonth=01&aday=01&ayear=2009&bmonth=01&bday=01&byear=2009&pg_len=25&sort_by=story_date&result_type=with