Unfixed XSS vulnerability at www.lacountyparks.org

ID XSSED:58886
Type xssed
Reporter TheBig
Modified 2011-11-21T00:00:00


Security researcher TheBig, has submitted on 14/03/2009 a cross-site-scripting (XSS) vulnerability affecting www.lacountyparks.org, which at the time of submission ranked 5895398 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/11/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.lacountyparks.org/Parkinfo.asp?URL=cms1_033345.asp&Title=%22%3E%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Ch1%3E%3CIMG%20SRC=%22http://img16.imageshack.us/img16/8850/xss.png%22%3E%3C/h1%3E