Monday, 13 September 2010

I remember Tiscali S.p.A.

I remember a dangerous bug that I found on Tiscali's servers a long time ago. With this bug, an evil user could grab cookies and could redirect to a fake page to grab the username and password of every client of Tiscali S.p.A.

The string to understand how it works and to begin this exploit was:


http://mail.tiscali.it/cp/ps/main/login/Login?isLogin=y&d=tiscali.it&u=&J=&errorString=%3Cscript%3Ealert(%22bug%22)%3C/script%3E

Tiscali wrote to me that it was solved, but I never verified it.
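
The reflected `errorString` parameter from the URL above, shown from the server side as an added example (not code from the original post or from Tiscali). The post does not say how the login page was built, so the HTML template, the error keys and the cookie name below are assumptions.

```python
import html
from urllib.parse import urlsplit, parse_qs

# The request quoted in the post, joined onto one line.
POC_URL = ("http://mail.tiscali.it/cp/ps/main/login/Login?isLogin=y&d=tiscali.it&u="
           "&J=&errorString=%3Cscript%3Ealert(%22bug%22)%3C/script%3E")

# Hypothetical fixed messages: the server owns the text, the client only sends a key.
KNOWN_ERRORS = {"badlogin": "Wrong username or password.",
                "expired": "Your session has expired."}

TEMPLATE = '<div class="error">{}</div>'  # constructed stand-in for the login page


def error_param(url):
    """Return the URL-decoded errorString query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("errorString", [""])[0]


def render_vulnerable(url):
    """Reflects the parameter verbatim: markup in it becomes part of the page."""
    return TEMPLATE.format(error_param(url))


def render_escaped(url):
    """Output-encodes the parameter so the browser shows it as plain text."""
    return TEMPLATE.format(html.escape(error_param(url), quote=True))


def render_allowlisted(url):
    """Treats the parameter as a key; unknown values get a generic message."""
    message = KNOWN_ERRORS.get(error_param(url), "Login failed.")
    return TEMPLATE.format(html.escape(message))


def session_cookie_header(value):
    """HttpOnly keeps the cookie out of reach of page scripts if an XSS slips through."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped, render_allowlisted):
        print(f"{render.__name__:20} {render(POC_URL)}")
    print(session_cookie_header("constructed-value"))
```

Escaping fixes this one output context; the allow-list version removes the user-controlled text from the page entirely, which is the stronger fix for an error banner.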
