colorado.edu IFRAME Injection vulnerability

2016-08-12T15:18:00
ID OBB:173716
Type openbugbounty
Reporter npuser500
Modified 2016-08-28T01:21:00

Description

Vulnerable URL:
http://www.colorado.edu/eventscalendar/cgi-bin/frame.cgi?parent=viewURL&url;=https://www.openbugbounty.org" name="bottom" frameborder="no" marginwidth="0" marginheight="0">
Details:

Description| Value
---|---
Patched:| Yes, at 27.08.2016
Latest check for patch:| 27.08.2016 08:17 GMT
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa Rank| 6908
VIP website status:| Yes
Check colorado.edu SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 August, 2016 15:18 GMT
Generic security notifications sent to website owner| 12 August, 2016 15:20 GMT
Notification sent to subscribers (without technical details)| 12 August, 2016 18:17 GMT
Vulnerability patched by the website owner| 28 August, 2016 00:40 GMT
Vulnerability details disclosed by researcher| 28 August, 2016 01:21 GMT