Thursday, March 27, 2008

XSS in NASA website

Advisory #1 (2008)

#############################
# Website: www.nasa.gov
# Bug: XSS - Cross Site Scripting
# Date: 25.03.08
#############################

Vulnerable URL: hxxp://search.nasa.gov/search/search


Fix: Validate input correctly for each and every dynamic parameter on the page. Also check the ISAPI filters, for we're still out here and looking ...
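
The fix above, sketched as an added example (not code from the original advisory or from the affected site): each dynamic parameter gets its own validation rule, and the free-text value is HTML-encoded at the point where it is echoed. The parameter names `q`, `page` and `sort`, and their limits, are assumptions; the advisory names no parameters.

```python
import html
import re

# Hypothetical parameters of a search page; each dynamic parameter gets its own rule.
MAX_QUERY_LEN = 200
SORT_CHOICES = {"relevance", "date"}
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def _query(value):
    # Free text cannot be allow-listed by character, so bound it and drop control bytes.
    value = CONTROL_CHARS.sub("", value).strip()
    if not value or len(value) > MAX_QUERY_LEN:
        raise ValueError("q: empty or too long")
    return value


def _page(value):
    if not value.isascii() or not value.isdigit() or not 1 <= int(value) <= 1000:
        raise ValueError("page: not an integer in 1..1000")
    return int(value)


def _sort(value):
    if value not in SORT_CHOICES:
        raise ValueError("sort: unknown value")
    return value


VALIDATORS = {"q": _query, "page": _page, "sort": _sort}
DEFAULTS = {"page": "1", "sort": "relevance"}


def validate_params(raw):
    """Return typed, validated parameters; raise ValueError on anything unexpected."""
    unknown = set(raw) - set(VALIDATORS)
    if unknown:
        raise ValueError("unknown parameter(s): " + ", ".join(sorted(unknown)))
    merged = {**DEFAULTS, **raw}
    if "q" not in merged:
        raise ValueError("q: missing")
    return {name: VALIDATORS[name](merged[name]) for name in VALIDATORS}


def render_heading(params):
    # Validation alone does not make free text safe to echo: encode at the output point.
    q = html.escape(params["q"], quote=True)
    return f'<h1>Results for "{q}"</h1><p>Page {params["page"]}, sorted by {params["sort"]}</p>'
```

Rejecting unknown parameters outright means a parameter added later cannot reach the template without a rule being written for it.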

Cheers :)
Kish
