Unfixed XSS vulnerability at www.garage-vincent-citroen.com

2010-01-09T00:00:00
ID XSSED:69043
Type xssed
Reporter ATH-CREW
Modified 2011-12-25T00:00:00

Description

Security researcher ATH-CREW, has submitted on 01/09/2010 a cross-site-scripting (XSS) vulnerability affecting www.garage-vincent-citroen.com, which at the time of submission ranked 0 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.garage-vincent-citroen.com/popup_photo.php?id=%22%3E%3Cdiv%20id=%22main_logo%22%3E%20%3Cimg%20src=http://www.zmn1.net/up/upfiles/BDx17687.jpg%20mce_src=%22http://evil.tld/hacked.gif%22%3E%20%3C/div%3E