GameFly, the popular online video game rental service, suffers from a cross site scripting flaw.
ce3987d843bd39dcd1478bb5df3c15e8d042e5a41f5b48309878a478c11ec86a
GameFly XSS Vulnerability
=========================
Discovered By: Matthew Benenati <dk.mak0[AT]gmail.com>
Release Date: 12/1/2005
Severity: Medium
A cross-site scripting vulnerability exists in the search page of the popular online video game rental service GameFly.
Example:
http://www.gamefly.com/products/search.asp?k=%22%3E%3Cscript%20language=%22JavaScript%22%3Ejavascript:alert(document.cookie);%3C/script%3E