Unfixed XSS vulnerability at www.searchum.umd.edu

2007-05-18T00:00:00
ID XSSED:7623
Type xssed
Reporter Hotpockets
Modified 2007-05-18T00:00:00

Description

Security researcher Hotpockets, has submitted on 18/05/2007 a cross-site-scripting (XSS) vulnerability affecting www.searchum.umd.edu, which at the time of submission ranked 5300 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 18/05/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.searchum.umd.edu/search?q=<script>alert("Ruh Roh! XSSRaggy!")</script>&site=&btnG=Search+UM&output=xml_no_dtd&sort=date%3AD%3AL%3Ad1&ie=UTF-8&btnG.y=0&client=UMCP&btnG.x=0&oe=UTF-8&proxystylesheet=UMCP