Unfixed XSS vulnerability at www.evangelkium.de

2012-01-14T00:00:00
ID XSSED:75694
Type xssed
Reporter 28C3
Modified 2012-01-25T00:00:00

Description

Security researcher 28C3 submitted, on 14/01/2012, a cross-site scripting (XSS) vulnerability affecting www.evangelkium.de, which at the time of submission ranked 6028311 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.evangelkium.de/web/index.php?option=com_search&searchword=aaa&searchphrase=any&ordering=newest%22%20onmouseover={alert%28/Guess_we_are_behind_enemy_lines/%29}%20onmouseout=alert%28document.cookie%29%20style=position:fixed;top:33%;left:33%;width:33%;height:33%;%22