belarusbank.by XSS vulnerability

2016-03-27T12:33:00
ID OBB:143542
Type openbugbounty
Reporter Almaco
Modified 2016-06-20T05:25:00

Description

Vulnerable URL:
http://belarusbank.by/ru/about/structure/search_filials?filter[oblast]=3&filter[city]=г.Минскq120u">nh5x4&filter[street]=Луговая&filter[num]=12&filter[usluga]=usl_ibank&filter[order_by]=num&filter[workingWeekend]=1&search=1&Поиск=&advansed_search_form=1
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 51380
Google Pagerank| 6
VIP website status:| No
Check belarusbank.by SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 27 March, 2016 12:33 GMT
Generic security notifications sent to website owner| 27 March, 2016 12:36 GMT
Vulnerability details disclosed by researcher| 19 June, 2016 13:11 GMT
Vulnerability patched by the website owner| 20 June, 2016 05:25 GMT