esavo.esac.esa.int XSS vulnerability

2016-05-07T03:32:00
ID OBB:150267
Type openbugbounty
Reporter npuser500
Modified 2017-04-18T07:50:00

Description

Vulnerable URL:
http://esavo.esac.esa.int/vospec/jsp/openSpectrum.jsp?fileName=openbugbounty%22%27%29;alert%28%27OPENBUGBOUNTY
Details:

Description| Value
---|---
Patched:| Yes, at 08.04.2017
Latest check for patch:| 08.04.2017 03:05 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check esavo.esac.esa.int SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 7 May, 2016 03:32 GMT
Vulnerability existence verified and confirmed| 16 May, 2016 10:57 GMT
Generic security notifications sent to website owner| 16 May, 2016 10:57 GMT
Notification sent to subscribers (without technical details)| 16 May, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 8 June, 2016 02:48 GMT
Vulnerability patched by the website owner| 18 April, 2017 07:50 GMT