Unfixed XSS vulnerability at websrv01.kidshealth.org

2009-07-10T00:00:00
ID XSSED:64732
Type xssed
Reporter XSSLotion
Modified 2011-12-20T00:00:00

Description

Security researcher XSSLotion submitted a cross-site scripting (XSS) vulnerability affecting websrv01.kidshealth.org on 07/10/2009; at the time of submission the site ranked 3975 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: https://websrv01.kidshealth.org/enews/EE/Subscription_Form_Page1.jsp?lic=1&prog_id=<h1>XSSED!</h1><imgsrc="http://icanhascheezburger.files.wordpress.com/2007/12/funny-pictures-lol-squid.jpg"><title>owned</title><font color=purple><h1>:D</h1>