vacationexpress.com XSS vulnerability

2016-10-27T08:50:00
ID OBB:189249
Type openbugbounty
Reporter TvM
Modified 2017-03-02T09:16:00

Description

Vulnerable URL:
https://www.vacationexpress.com/res/stwmain.aspx?action=--><!--
</pre>

##### Details:

Description| Value  
---|---  
Patched:| No  
Latest check for patch:| 27.07.2017  
Vulnerability type:| XSS  
Vulnerability status:| Publicly disclosed  
Alexa Rank| 133019  
VIP website status:| No  
Check vacationexpress.com SSL connection:| (Grade: A-)

##### Coordinated Disclosure Timeline:

Description| Value  
---|---  
Vulnerability submitted via Open Bug Bounty| 27 October, 2016 08:50 GMT  
Generic security notifications sent to website owner| 27 October, 2016 08:53 GMT  
Notification sent to subscribers (without technical details)| 27 October, 2016 10:17 GMT  
Vulnerability details disclosed by researcher| 2 March, 2017 09:16 GMT