game.co.uk XSS vulnerability

2017-02-28T18:55:00
ID OBB:216333
Type openbugbounty
Reporter LewisWildgoose
Modified 2017-04-19T08:14:00

Description

Vulnerable URL:
http://www.game.co.uk/en/accessories/?attributeName1=Price+Range_EN_GB&attributeName2=Preorder_EN_GB&attributeValue1=35&attributeValue2=1zqjxy'"(){}:/1zqjxy;9!">&inStockOnly=true&listerOnly=true&sortBy=&sortColumn=popular&sortTypeStr=DESC#Page2
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 8430
VIP website status:| Yes
game.co.uk SSL connection:| Grade: A+

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 28 February, 2017 18:55 GMT
Vulnerability existence verified and confirmed| 1 March, 2017 07:47 GMT
Generic security notifications sent to website owner| 1 March, 2017 07:47 GMT
Vulnerability details disclosed by researcher| 19 April, 2017 08:14 GMT