Unfixed XSS vulnerability at support.clickatell.com

ID XSSED:58908
Type xssed
Reporter PaPPy
Modified 2009-01-07T00:00:00


Security researcher PaPPy, has submitted on 15/03/2009 a cross-site-scripting (XSS) vulnerability affecting support.clickatell.com, which at the time of submission ranked 19920 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 01/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://support.clickatell.com/search.php?cx=011385790347605367781:svx4ujrukww&cof=FORID:11&ie=UTF-8&q='; alert(1); //&sa.x=0&sa.y=0&sa=Search#963