lopoca.com XSS vulnerability

2015-12-01T10:27:00
ID OBB:111209
Type openbugbounty
Reporter dim0k
Modified 2016-02-24T01:31:00

Description

Vulnerable URL:
http://www.lopoca.com/common/clientCustom.asp?SectionID=1&UID;=1000&guid;=6338B8BA-4558-4E7C-8FAC-CE72CFCFF556#!prettyPhoto/2,/
Details:

Description| Value
---|---
Patched:| Yes, at 23.02.2016
Latest check for patch:| 23.02.2016 11:29 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 23702
Google Pagerank| 2
VIP website status:| Yes
Check lopoca.com SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 1 December, 2015 10:27 GMT
Vulnerability existence verified and confirmed| 1 December, 2015 10:30 GMT
Vulnerability details disclosed by researcher| 23 February, 2016 11:11 GMT
Vulnerability patched by the website owner| 24 February, 2016 01:31 GMT