Unfixed XSS vulnerability at beta.washington.org

2011-07-26T00:00:00
ID XSSED:73634
Type xssed
Reporter NOPO TEAM
Modified 2011-11-21T00:00:00

Description

Security researcher NOPO TEAM submitted a cross-site scripting (XSS) vulnerability affecting beta.washington.org on 26/07/2011. At the time of submission, the site ranked 133562 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/11/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://beta.washington.org/search?search=null[]&search=null[0]&search=null[1]&search=null[2]&search=null[3]&search=null[4]&search=null[5]&search=null[6]&search=;null.null.null.null.null.null.null;&search=null[]&search=<&search=%3Cbody%20onload=%22javascript:alert%28%27xss,%20by:mr_cBack%27%29;%22