Unfixed XSS vulnerability at www.stmspa.com

ID XSSED:64895
Type xssed
Reporter l3d
Modified 2010-07-07T00:00:00


Security researcher l3d, has submitted on 22/10/2009 a cross-site-scripting (XSS) vulnerability affecting www.stmspa.com, which at the time of submission ranked 1871436 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/07/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.stmspa.com/linea.asp?idlinea=1&webstats=%22%3E%3Cscript%3Ealert%28%22Hello...%20l3d%22%29;%3C/script%3E%3Cfont%20color=%22red%22%3E%3Cfont%20size=%2210%22%3Epwnz%20by%20l3d%3C/font%3E%3C/font%3E