News Document Title:
====================
Prosieben Community - Persistent Script Code Injection [FIXED!]


Release Date:
=============
2011-10-31


Laboratory Article:
===================
The vulnerability researcher alexander fuchs (21) discovered a high priority sript code injection vulnerability in 
the Prosieben Community Portal. The vulnerability allows an remote attacker with registered user account to 
inject/execute persistent malicious script codes on the profile section of the user listing. After our last submission
we have now a stable contact to prosieben which allows to fix/patch issues within hours or a few days. The attacker 
vector has been removed by the developer within 12 hours but the complete issue has been fixed after 3/4 days.

Report-Timeline:
================
2011-10-23:	Vendor Notification
2011-10-24:	Vendor Response/Feedback
2011-10-26:	Vendor Fix/Patch
2011-11-01:	Public or Non-Public Disclosure


Advisory: http://www.vulnerability-lab.com/get_content.php?id=306