leblancrealty.com XSS vulnerability

2017-06-22T05:56:00
ID OBB:251313
Type openbugbounty
Reporter Random_Robbie
Modified 2017-11-26T15:07:00

Description

Vulnerable URL:
http://www.leblancrealty.com/results/?radarea=0&cidonly=&foreclosure=&hud=&shortsale=&startnewsearch=1&aid="--!>"&oid=&temp=&PropType=&searchtypesent=&property_category=&searchtype=&townhouse=&mobile=&farm=&state=27&county=119&city[]=Crookston&pricemin=&pricemax=&bedrooms=&bedmore=1&bath_full=&bath_thre=1&garages=&sqfoot_low=&sqfoot_high=&yb_l=&newhome=&lake=&water=&vtycount=2&restype=1&corpowned=&pastdays=&sort=&sort_by=&interval=&single=&multiple=&ohouse=&retail=&industrial=&office=&mfg=&invest=&recreational=&forclosure=&business=&warehouse=&church=&ForLease=&ForSale=&postoffice=&newlisting=&basement=&pool=&firstfloormaster=&firstfloorlaundry=&walkoutbasement=&view=&address=&locations[]=27|Minnesota|119|Polk|city|Crookston&limit=12&&autocompleter=v2
Details:

Description| Value
---|---
Patched:| Yes, on 26.11.2017
Latest check for patch:| 26.11.2017 15:07 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3939412
VIP website status:| No
Check leblancrealty.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 June, 2017 05:56 GMT
Generic security notifications sent to website owner| 22 June, 2017 05:58 GMT
Notification sent to subscribers (without technical details)| 22 June, 2017 06:17 GMT
Vulnerability details disclosed by researcher| 3 August, 2017 06:17 GMT
Vulnerability patched by the website owner| 26 November, 2017 15:07 GMT