XSS on dict.cc fixed

dict.cc is a very popular online translator for other languages. In everyday use, we found a cross-site scripting (XSS) vulnerability in the login function, which we reported to the responsible developer.

With a cross-site scripting (XSS) vulnerability, an attacker is able to change the appearance and behavior of a website. This could also be used for a phishing attack or to obtain session data or cookies. We sent the responsible developer an email on 25 May 2013 at midnight, and the email was answered the next day. The fix was also implemented on that day. We did not look deeper into the application and hope to sensitize the developer. So this case is closed, and we say thank you for the fast reaction and the quick fix. We wish you fun translating words via dict.cc.

The team of internetwache.org

Screenshot of an XSS at dict.cc