Security researcher hexon, has submitted on 19/11/2010 a cross-site-scripting (XSS) vulnerability affecting curl.phptrack.com, which at the time of submission ranked 235325 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Vulnerable URL: http://curl.phptrack.com/examples/gmail.php?Message=%3Cbody%20onload=alert(String.fromCharCode(72,101,120,111,110,32,117,115,101,100,32,99,117,114,108,32,97,116,32,109,121,32,72,101,120,106,101,99,116,111,114,32,121,111,117,32,107,110,111,119,32,63,63,32,120,80))%3E