Unfixed XSS vulnerability at secure.registerapi.com

2007-04-15T00:00:00
ID XSSED:6161
Type xssed
Reporter bill
Modified 2007-04-16T00:00:00

Description

Security researcher bill, has submitted on 15/04/2007 a cross-site-scripting (XSS) vulnerability affecting secure.registerapi.com, which at the time of submission ranked 180130 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 16/04/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://secure.registerapi.com/KM/KnowledgeBase/script_search_documents.php?account_name=4798&search_advanced=0&search_type=data_keywords&search_string=%22%3E%3Cscript%3Edocument.title='secure.registerapi.com%20-%20XSS%20PoC';%20document.body.innerHTML='%3Ccenter%3E%3Cbr%3Edaltd%20uNF!%3C/center%3E';%3C/script%3E