steamdreams.co.uk XSS vulnerability

2016-03-11T11:14:00
ID OBB:140726
Type openbugbounty
Reporter Lewis
Modified 2016-06-03T12:11:00

Description

Vulnerable URL:
http://www.steamdreams.co.uk/Executables/GT436TourCalendar.exe?ActionCode=TP&WebBookno;=10284696&SS;=SDSVR01\&DB;=SteamDreams&Division;=A&bookingtype;=T&date5;=42570&Tour;=71831&Route;=1&Board;=BAS&Adults;=2">

##### Details:

Description| Value  
---|---  
Patched:| No  
Latest check for patch:| 26.07.2017  
Vulnerability type:| XSS  
Vulnerability status:| Publicly disclosed  
Alexa Rank| 623319  
Google Pagerank| 3  
VIP website status:| No  
Check steamdreams.co.uk SSL connection:| (Grade: C)

##### Coordinated Disclosure Timeline:

Description| Value  
---|---  
Vulnerability submitted via Open Bug Bounty| 11 March, 2016 11:14 GMT  
Generic security notifications sent to website owner| 11 March, 2016 11:16 GMT  
Vulnerability details disclosed by researcher| 3 June, 2016 12:11 GMT