Unfixed XSS vulnerability at www.wetter.at

ID XSSED:57032
Type xssed
Reporter Viper.aT
Modified 2009-01-30T00:00:00


Security researcher Viper.aT, has submitted on 16/01/2009 a cross-site-scripting (XSS) vulnerability affecting www.wetter.at, which at the time of submission ranked 11450 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 30/01/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.wetter.at/wetter/search.do?searchTerm=%27%22%3E%3Cscript%3Ealert(%27XSS+by+Viper.aT%27)%3B%3C%2Fscript%3E%3Ch1%3EXSSED%3C%2Fh1%3E+&x=0&y=0