Unfixed XSS vulnerability at www.guruji.com

ID XSSED:67258
Type xssed
Reporter Rohit Bansal
Modified 2011-12-20T00:00:00


Security researcher Rohit Bansal, has submitted on 15/06/2010 a cross-site-scripting (XSS) vulnerability affecting www.guruji.com, which at the time of submission ranked 41320 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.guruji.com/image?imgurl=http://www.india.gov/met8/eatl/wv-l.jpg&imgwpurl=javascript:alert%28/xss/%29&thmburl=/timage%3Fhl%3Den%26q%3DOTAL2hvbWUzL29wcy9TRS9EQi5pbWFnZS8yLzEvMTQvNDE4LmpwZz5MW3M&imgsize=%2081&dimension=%20720px%20x480px%20&q=lol&ss=1&s=0&imgnum=8