Europe CERT has released a Hall of Fame program to handle issues reported by security researchers.
Lawrence Amer reported a cross-site scripting vulnerability to the Europe CERT security team and received a confirmation response by email, with the name included in the Hall of Fame.
After the fix was confirmed, the vulnerability description is disclosed on the security researcher's official site for discussion.
Vulnerability Description:
The security issue allows remote attackers to inject their own malicious script code into the application side of the vulnerable service module.
The vulnerability is located in the module "/scripts/wa-enisa.exe" on the affected domain "lists.enisa.europa.eu". The vulnerable parameter is "A0", which allows a remote attacker to execute an XSS payload.
Proof of Concept:
An attacker can reproduce the issue by using the following URL:
scripts/wa-enisa.exe?A0=%../% 27%3E%3Ciframe%20src=http:// vulnerability-lab.com%3E
Vulnerability State: Patched
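The page does not say how the fix was implemented. As an added example (not the researcher's or the vendor's code), the sketch below shows why a quote followed by `>` in "A0" matters and how HTML-escaping the value on output neutralises it. It assumes the value is reflected into a single-quoted attribute; the templates, function names and the `example.invalid` host are hypothetical and constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed query string with the same shape as the reported request:
# a quote and '>' to close the attribute, then an iframe element.
SAMPLE_QUERY = "A0=%27%3E%3Ciframe%20src=http://example.invalid%3E"


def render_unsafe(a0: str) -> str:
    """Hypothetical 'before' template: A0 copied verbatim into an attribute."""
    return f"<a href='/scripts/wa-enisa.exe?A0={a0}'>list</a>"


def render_safe(a0: str) -> str:
    """Hardened form: HTML-escape the value, including both quote characters."""
    return f"<a href='/scripts/wa-enisa.exe?A0={escape(a0, quote=True)}'>list</a>"


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered page."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list[str]:
    """Parse the markup and return the element names it actually creates."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def a0_from_query(query: str) -> str:
    """Percent-decode the query string the way a CGI layer would."""
    return parse_qs(query, keep_blank_values=True).get("A0", [""])[0]


if __name__ == "__main__":
    value = a0_from_query(SAMPLE_QUERY)
    print("unsafe:", tags_in(render_unsafe(value)))  # extra element appears
    print("safe:  ", tags_in(render_safe(value)))    # only the anchor remains
```

Comparing the parsed tag list against the tags the template itself emits is also a usable regression test for a fix of this kind.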