civs.cs.cornell.edu XSS vulnerability

2016-06-17T13:32:00
ID OBB:159604
Type openbugbounty
Reporter XSSbot
Modified 2016-06-27T10:57:00

Description

Vulnerable URL:
http://civs.cs.cornell.edu/cgi-bin/vote.pl?id=E_4ad0a4d59edb6422%3Cimg%20src=x%20onerror=confirm(%22OPENBUGBOUNTY%22)%3E
Details:

Description| Value
---|---
Patched:| Yes, at 26.06.2016
Latest check for patch:| 26.06.2016 19:44 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check civs.cs.cornell.edu SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 17 June, 2016 13:32 GMT
Generic security notifications sent to website owner| 17 June, 2016 13:34 GMT
Vulnerability details disclosed by researcher| 24 June, 2016 14:13 GMT
Vulnerability patched by the website owner| 27 June, 2016 10:57 GMT