funda.nl XSS vulnerability

2016-10-24T11:59:00
ID OBB:188313
Type openbugbounty
Reporter k0t
Modified 2017-01-17T15:18:00

Description

Vulnerable URL:
http://www.funda.nl/about/default.aspx?pagina=/nl/algemene-teksten-funda-sites/fundanl/over-funda/x'-alert('OPENBUGBOUNTY')-'
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 5437
VIP website status:| Yes
Check funda.nl SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 October, 2016 11:59 GMT
Vulnerability existence verified and confirmed| 25 October, 2016 14:22 GMT
Generic security notifications sent to website owner| 25 October, 2016 14:22 GMT
Notification sent to subscribers (without technical details)| 25 October, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 17 January, 2017 15:18 GMT