partners.camsoda.com XSS vulnerability

2017-02-06T14:21:00
ID OBB:211743
Type openbugbounty
Reporter k0t
Modified 2017-07-28T14:58:00

Description

Vulnerable URL:
http://partners.camsoda.com/signup?country=&city=">&referral_url=https://partners.camsoda.com/assets/&birth_date=1996-02-06&digital_signature=&login=&pay_to_name=&wire_bank_name=&password=&wire_misc_info=&referral_affiliate_code=&wire_account_number=&tax_org_type_intl=&referral_program_code=&minimum_payment=50&pref[mailer_closeout_notification]=1&state=&wire_bic=&first_name=&email=&payment_method=CHECK&wire_bank_country_code=&wire_state=&address=&salesman_code=&last_name=&wire_routing_number=&tax_org_type_other_us=&submit=submit=Signup&wire_bank_address=&wire_iban=&pay_to_email=&tax_id_intl=&postal_code=&is_us_taxpayer=NO&tax_id_us=&tax_org_type_us=&tax_org_type_other_intl=
Details:

Description| Value
---|---
Patched:| Yes, at 28.07.2017
Latest check for patch:| 28.07.2017 14:58 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check partners.camsoda.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 February, 2017 14:21 GMT
Generic security notifications sent to website owner| 6 February, 2017 14:24 GMT
Notification sent to subscribers (without technical details)| 6 February, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 1 May, 2017 15:16 GMT
Vulnerability patched by the website owner| 28 July, 2017 14:58 GMT