mva.maryland.gov XSS vulnerability

2017-05-12T14:43:00
ID OBB:236042
Type openbugbounty
Reporter Random_Robbie
Modified 2017-06-23T15:15:00

Description

Vulnerable URL:
http://www.mva.maryland.gov/se/util/display_mod.cfm?MODULE=/se-server/mod/modules/semod_printpage/mod_default.cfm&PageURL;=/businesses/tag-and-title-services/&VersionObject;=6C24064C0593B025F39DCEAD3E0D8880"--!>"&Template;=B15A88ED6F90B8B53B08074A0BD11F78&PageStyleSheet;=C1A52589995C8B11D31B2EBD1C9B0B51&pdfExport;=NO
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check mva.maryland.gov SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 May, 2017 14:43 GMT
Generic security notifications sent to website owner| 12 May, 2017 14:44 GMT
Vulnerability details disclosed by researcher| 23 June, 2017 15:15 GMT