GameFly XSS Vulnerability ========================= Discovered By: Matthew Benenati Release Date: 12/1/2005 Severity: Medium A cross-site scripting vulnerability exists in the search page of the popular online video game rental service GameFly. Example: http://www.gamefly.com/products/search.asp?k=%22%3E%3Cscript%20language=%22JavaScript%22%3Ejavascript:alert(document.cookie);%3C/script%3E