Lucene search
St1_webOBB:178903HistoryAug 30, 2016 - 11:58 a.m.
salliemae.com XSS vulnerability
2016-08-3011:58:00
st1_web
www.openbugbounty.org
6
Vulnerable URL:
https://www.salliemae.com/search/?Ntt=%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E&Ntk;=all_fields&N;=0
Details:
| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 13916 |
| VIP website status: | Yes |
| Check salliemae.com SSL connection: | (Grade: A) |
Coordinated Disclosure Timeline:
| Description | Value |
|---|---|
| Vulnerability submitted via Open Bug Bounty | 30 August, 2016 11:58 GMT |
| Generic security notifications sent to website owner | 30 August, 2016 12:00 GMT |
| Notification sent to subscribers (without technical details) | 30 August, 2016 14:17 GMT |
| Vulnerability details disclosed by researcher | 6 September, 2016 12:12 GMT |
| Vulnerability patched by the website owner | 27 September, 2016 14:34 GMT |