Advisory: www.elitepartner.de - Cross-site Scripting vulnerability Advisory ID: SSCHADV2012-024 Author: Stefan Schurtz Affected Software: Successfully tested on www.elitepartner.de Vendor URL: http://www.elitepartner.de Vendor Status: fixed ========================== Vulnerability Description ========================== http://www.elitepartner.de is prone to a XSS vulnerability ========================== PoC-Exploit ========================== http://www.elitepartner.de/km/gfx/starthomepage/ http://www.elitepartner.de/km/static/js/jquery/ http://www.elitepartner.de/km/gfx/ http://www.elitepartner.de/km/static/ http://www.elitepartner.de/km/js/ http://www.elitepartner.de/km/static/js/omniture/ http://www.elitepartner.de/km/static/js/ Referer: '"> ========================== Solution ========================== fixed ========================== Disclosure Timeline ========================== 23-Dec-2012 - informed by contact form 10-Jan-2012 - fixed by developer ========================== Credits ========================== Vulnerability found and advisory written by Stefan Schurtz. ========================== References ========================== http://www.darksecurity.de/advisories/2012/SSCHADV2012-024.txt