Security researcher PaPPy, has submitted on 24/06/2009 a cross-site-scripting (XSS) vulnerability affecting www.metro.co.uk, which at the time of submission ranked 4145 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
Date submitted: 24/06/2009 |
Date published: 02/07/2009 |
Fixed? Mail us! | Status: UNFIXED |
Author: PaPPy |
Domain: www.metro.co.uk |
Category: XSS |
Pagerank: 4145 |
URL: http://www.metro.co.uk/email/emailConfirm.html?in_article_id=690958&in_page_id=2-------------------- -------------------------------------------------------------------------------------------------%20 --><script>alert('wow xss and possible SQL injection');</script><!--%20------------------------------------------------------------------------ -------------------------------------------- |
Click here to view the mirror
|
|
|