lotto.web.de XSS vulnerability

2017-01-13T08:45:00
ID OBB:206033
Type openbugbounty
Reporter tbm
Modified 2017-01-25T05:53:00

Description

Vulnerable URL:
https://lotto.web.de/webshop/product/gluecksspirale/;jsessionid=88BE9A0A4A5BCE4915BBBF1710A699B6.ww-02-110201/x'-prompt('OPENBUGBOUNTY')-'

Details:

Description | Value
---|---
Patched | Yes, on 24.01.2017
Latest check for patch | 24.01.2017 11:33 GMT
Vulnerability type | XSS
Vulnerability status | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status | No

Coordinated Disclosure Timeline:

Description | Value
---|---
Vulnerability submitted via Open Bug Bounty | 13 January, 2017 08:45 GMT
Generic security notifications sent to website owner | 13 January, 2017 08:48 GMT
Notification sent to subscribers (without technical details) | 13 January, 2017 10:17 GMT
Vulnerability patched by the website owner | 25 January, 2017 03:55 GMT
Vulnerability details disclosed by researcher | 25 January, 2017 05:53 GMT