Unfixed XSS vulnerability at student.cuny.edu

ID XSSED:71530
Type xssed
Reporter p0pc0rn
Modified 2011-09-12T00:00:00


Security researcher p0pc0rn, has submitted on 05/01/2011 a cross-site-scripting (XSS) vulnerability affecting student.cuny.edu, which at the time of submission ranked 4202 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 09/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://student.cuny.edu/cgi-bin/SectionMeeting/SectMeetCourses.pl?DB=ORACLE_A<script>alert(/xssed byp0pc0rn/)</script>