energystar.gov XSS vulnerability

2017-05-16T12:05:00
ID OBB:237779
Type openbugbounty
Reporter Random_Robbie
Modified 2017-08-31T06:53:00

Description

Vulnerable URL:
http://www.energystar.gov/index.cfm?fuseaction=labeled_buildings.showResults&search_owner_id=&search_prop_manager_id=&FILTER_B_ID=&building_type_id=ALLBuildings&zip=&search_spp_id=&year=2014&city=haha&s_code=ALL&profiles=
Details:

Description| Value
---|---
Patched:| Yes, on 31.08.2017
Latest check for patch:| 31.08.2017 06:53 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 48765
VIP website status:| Yes
Check energystar.gov SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 16 May, 2017 12:05 GMT
Vulnerability existence verified and confirmed| 17 May, 2017 05:51 GMT
Generic security notifications sent to website owner| 27 May, 2017 03:34 GMT
Vulnerability details disclosed by researcher| 28 June, 2017 06:14 GMT
Vulnerability patched by the website owner| 31 August, 2017 06:53 GMT