Vivisimo Clustering Engine - Search Script Cross-Site Scripting

Author: ComSec
type: webapps
platform: java
port: 
date_added: 2003-10-21  
date_updated: 2012-12-09  
verified: 1  
codes: CVE-2003-1519;OSVDB-58895  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23268.txt  

source: https://www.securityfocus.com/bid/8862/info

Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link designed to execute arbitrary script code within the browser of a user who follows it.

http://www.example.com/search?query=<script>alert(document.domain)</script>