krak.dk XSS vulnerability

2016-08-24T04:48:00
ID OBB:177361
Type openbugbounty
Reporter dim0k
Modified 2016-09-29T03:50:00

Description

Vulnerable URL:
http://www.krak.dk/query?what=mail&search_word=fris&mail_type=contactCompany&ref=hl">&company_name=Mille%20M%20Herning&company_code=116722708&to_email=IzcHLCgtEC4MSgRZPAxdVz5jSFU&rand=310658
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 10884
VIP website status:| Yes
Check krak.dk SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 August, 2016 04:48 GMT
Generic security notifications sent to website owner| 24 August, 2016 04:50 GMT
Vulnerability patched by the website owner| 24 September, 2016 16:34 GMT
Vulnerability details disclosed by researcher| 29 September, 2016 03:50 GMT