Unfixed XSS vulnerability at www.nhl.nl

2009-05-23T00:00:00
ID XSSED:61008
Type xssed
Reporter Jurpie
Modified 2009-05-23T00:00:00

Description

Security researcher Jurpie, has submitted on 23/05/2009 a cross-site-scripting (XSS) vulnerability affecting www.nhl.nl, which at the time of submission ranked 184188 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 23/05/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.nhl.nl/nhl_nl/search.xml?magic_roxen_automatic_charset_variable=%E5%E4%F6%26%2333439%3B%40ISO-8859-1&db=search_nhl_nl&query=%3C/noscript%3E%3Cscript%3Ealert(/Jurpie/)%3C/script%3E%3Cnoscript%3E