[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02].
Although new browsers have already patched this issue, it is still a security flaw.
According to research at http://www.ie6countdown.com/:
6.1% of the world’s population still uses IE6.
22.2% of the population in China also still uses IE6.
The reflected XSS is located here
The value of the parameter ‘media’ will be inserted into the img src.
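One way to handle the `media` value before it reaches the img src, as an added example (not code from the original post or the affected site): allow only http/https URLs, then HTML-escape the attribute value. The function names, the placeholder path and the sample inputs are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
PLACEHOLDER = "/static/placeholder.png"  # hypothetical fallback image path


def safe_img_src(media):
    """Return media if it is an absolute http(s) URL, else the placeholder."""
    if not media:
        return PLACEHOLDER
    # Browsers drop tabs and newlines inside URLs, so a scheme check on the
    # raw string can disagree with what the browser parses. Reject them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in media):
        return PLACEHOLDER
    candidate = media.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return PLACEHOLDER
    # Scheme allowlist: script-capable schemes in img src are the part that
    # only old browsers honoured, so it has to be checked separately.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return PLACEHOLDER
    return candidate


def render_img_unsafe(media):
    # The flawed pattern: the raw parameter is concatenated into the attribute.
    return '<img src="' + media + '">'


def render_img(media):
    # Escaping with quote=True keeps the value inside the src attribute.
    src = html.escape(safe_img_src(media), quote=True)
    return '<img src="{}" alt="">'.format(src)


# Constructed sample inputs (not taken from the original report).
SAMPLES = [
    "https://cdn.example/a.png",
    'https://cdn.example/a.png" data-x="1',
    "javascript:void(0)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(render_img_unsafe(s), "->", render_img(s))
```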
On the 8th of August 2013, I reported a persistent cross-site scripting vulnerability on freelancer.com.
The bug was fixed on 27/08/2013.
The Freelancer.com bug bounty program includes:
1) A freelancer.com t-shirt.
2) A listing on the site's Hall of Fame: http://www.freelancer.com/info/security-hall-of-fame.php
3) A whitehat hacker badge for your freelancer’s profile: http://www.freelancer.com/u/wuming69.html
Freelancer.com Global Rank: 534