stepstone.de XSS vulnerability

2015-11-04T13:04:00
ID OBB:100734
Type openbugbounty
Reporter P4r4Bellum
Modified 2016-03-07T15:20:00

Description

Vulnerable URL:
http://www.stepstone.de/5/ergebnisliste.html?stf=freeText&ns;=1&qs;=[]&cityID;=0&sourceOfTheSearchField;=homepage%3Ageneral&ke;=%22-alert%28%22XSSPOSED%22%29-%22&ws;=&ra;=
Details:

Description| Value
---|---
Patched:| Yes, at 06.03.2016
Latest check for patch:| 06.03.2016 23:20 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4238
Google Pagerank| 7
VIP website status:| Yes
Check stepstone.de SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 4 November, 2015 13:04 GMT
Vulnerability existence verified and confirmed| 4 November, 2015 13:07 GMT
Vulnerability patched by the website owner| 7 March, 2016 15:20 GMT