MOSEB-27: Vulnerability at euroseek.com
21:54 27.06.2007Next participant of the project is Euroseek search engine. Euroseek it is regional search portal designed to find information in Europe.
The vulnerability is at Euroseek (euroseek.com) in search results. This Cross-Site Scripting hole I found 30.05.2007.
XSS:
The vulnerability is in language parameter:
http://euroseek.com/system/search.cgi?mode=internet&language=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: regional seeking can be dangerous.
Note, that Euroseek engine use Google search engine. So Google also responsible for this vulnerability.
