americangirl.com XSS vulnerability

2016-01-19T20:24:00
ID OBB:126499
Type openbugbounty
Reporter e3xpl0it
Modified 2016-02-12T16:23:00

Description

Vulnerable URL:
http://www.americangirl.com/shop/EndecaSearchFromProductDisplayViewAG?productIndex=0&parameterID;=4294967282&ntk;=productSearch&currentPage;=0&langId;=-1&inDimSearch;=0&itemsPage;=12&catalogId;=10051&pageView;=grid&sortBy;=1&urlLangId;=-1&categoryId;=25624&urlRequestType;=Base&storeId;=10151&criteria;=\"><@/>
Details:

Description| Value
---|---
Patched:| Yes, at 12.02.2016
Latest check for patch:| 12.02.2016 01:21 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 7656
Google Pagerank| 6
VIP website status:| Yes
Check americangirl.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 19 January, 2016 20:24 GMT
Vulnerability existence verified and confirmed| 19 January, 2016 20:27 GMT
Vulnerability patched by the website owner| 12 February, 2016 16:23 GMT