yify-movie.com XSS vulnerability

2016-03-30T12:01:00
ID OBB:143980
Type openbugbounty
Reporter retr0
Modified 2016-06-23T01:24:00

Description

Vulnerable URL:
https://yify-movie.com/search/retr0%22%20autofocus%20onfocus=%22alert%28'xssposed'%29/All/All/0/latest/20/
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3323
Google Pagerank| 0
VIP website status:| Yes
Check yify-movie.com SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 30 March, 2016 12:01 GMT
Generic security notifications sent to website owner| 30 March, 2016 12:04 GMT
Notification sent to subscribers (without technical details)| 30 March, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 22 June, 2016 12:11 GMT
Vulnerability patched by the website owner| 23 June, 2016 01:24 GMT