ucl.ac.uk XSS vulnerability

2017-02-03T04:36:00
ID OBB:210986
Type openbugbounty
Reporter Alyssa_Herrera
Modified 2017-04-28T07:15:00

Description

Vulnerable URL:
http://www.ucl.ac.uk/museums-static/objectretrieval/sites/default/modules/swftools/shared/flash_media_player/player.swf?debug=confirm`OPENBUGBOUNTY`?debug=confirm`OPENBUGBOUNTY`
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4899
VIP website status:| Yes
Check ucl.ac.uk SSL connection:| (Grade: B-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 3 February, 2017 04:36 GMT
Vulnerability existence verified and confirmed| 3 February, 2017 06:41 GMT
Vulnerability details disclosed by researcher| 28 April, 2017 07:15 GMT