blanja.com XSS vulnerability

2017-02-11T14:54:00
ID OBB:212716
Type openbugbounty
Reporter NoGeKNOX1S2S3
Modified 2017-10-25T06:40:00

Description

Vulnerable URL:
http://www.blanja.com/index/homePageItemList?callback=homePageItemCallBack'"--!>&shopItems=14580379,15317768,14873601,14643877,13864720,13915565,12179860,10001637,45473,14534821,14650606,14536276,14577493,11093159,14546618,14577461,15061255,14577670,15060744,15319352,11093111,14580381,11093109,14534325,13383634,14559402,14652191,14056446,14704233,14643798,14549077,14923813,13946389,15308102,10242723,15329485,14701799,14538573,15320227,14839617,13898694,15293250,10081003,14593119,14583080,14673536,13862339,14688109,13868578,13406116,14653057,15294926,15307109,13914994,13913985&_=1476513417231
Details:

Description| Value
---|---
Patched:| Yes, at 25.10.2017
Latest check for patch:| 25.10.2017 06:40 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 6919
VIP website status:| Yes
Check blanja.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 February, 2017 14:54 GMT
Vulnerability existence verified and confirmed| 13 February, 2017 06:15 GMT
Generic security notifications sent to website owner| 13 February, 2017 06:15 GMT
Customized security notification sent to website owner| 13 February, 2017 06:15 GMT
Notification sent to subscribers (without technical details)| 13 February, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 8 May, 2017 06:15 GMT
Vulnerability patched by the website owner| 25 October, 2017 06:40 GMT