New bonus vulnerabilities in Excite. In this case the vulnerabilities are at a different domain than in MOSEB-29: Vulnerability at money.excite.com.
The vulnerability is at Excite White Pages (kevdb.infospace.com), which is located on a server of InfoSpace (Excite's partner). I found these Cross-Site Scripting holes on 31.05.2007.
The vulnerabilities are in the qn, qf and qc parameters:
Moral: searching in white pages can be dangerous.
Note that the Excite engine belongs to IAC Search & Media, so Ask.com is also responsible for these vulnerabilities.
Also note that the Excite White Pages engine uses the InfoSpace engine, so InfoSpace is also responsible for these vulnerabilities.