Fixed XSS vulnerability at searchx.aetna.com

2009-05-29T00:00:00
ID XSSED:61292
Type xssed
Reporter mckt
Modified 2010-07-18T00:00:00

Description

Security researcher mckt, has submitted on 29/05/2009 a cross-site-scripting (XSS) vulnerability affecting searchx.aetna.com, which at the time of submission ranked 8260 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 18/07/2010. It is currently fixed.

Vulnerable URL: http://searchx.aetna.com/_layouts/search/default.aspx?k=a%22%3E%3Cscript%3Ealert(1337)%3C/script%3E&selectedIndex=0&s=int_www.aetna.com&pt=SDAV%3ahref%2cContains%2chttp%3a%2f%2fwww.aetna.com/news/%2cAnd%2c&wd=+where+%22URL%22+Contains+http%3a%2f%2fwww.aetna.com/news/&RefURL=