Unfixed XSS vulnerability at www.chron.com

ID XSSED:74017
Type xssed
Reporter Hood3dRob1n
Modified 2011-12-22T00:00:00


Security researcher Hood3dRob1n, has submitted on 21/09/2011 a cross-site-scripting (XSS) vulnerability affecting www.chron.com, which at the time of submission ranked 2187 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 22/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.chron.com/?controllerName=search&action=search&channel=home&search=1&firstRequest=1&query=%22%3E%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&x=0&y=0&searchindex=property