Unfixed XSS vulnerability at www.sitec.lu

2010-10-17T00:00:00
ID XSSED:69986
Type xssed
Reporter WaZo
Modified 2011-12-25T00:00:00

Description

Security researcher WaZo, has submitted on 17/10/2010 a cross-site-scripting (XSS) vulnerability affecting www.sitec.lu, which at the time of submission ranked 4780115 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.sitec.lu/cms/sitec/content.nsf/va_CntByDateTimeFR?searchview&query=%22%27%3E%3Cscript%3Ealert%28/XSS%20By%20WaZo/%29%3C/script%3E%3Ciframe+src%3D%22http://www.xssed.com/%22+height%3D%221500%22+width%3D%221100%22/%3E&count=25&searchorder=1&searchfuzzy=0&searchwv=0&language=fr&layoutunid=B55D32D1641EBA1BC12577980048BC4E