flightaware.com XSS vulnerability

2017-07-05T12:43:00
ID OBB:259961
Type openbugbounty
Reporter Random_Robbie
Modified 2017-08-17T07:18:00

Description

Vulnerable URL:
https://flightaware.com/live/airport/KLGA/arrivals/%22%27%2D%2D%21>

##### Details:

Description| Value  
---|---  
Patched:| No  
Latest check for patch:| 17.08.2017  
Vulnerability type:| XSS  
Vulnerability status:| Publicly disclosed  
Alexa Rank| 3296  
VIP website status:| Yes  
Check flightaware.com SSL connection:| (Grade: A)

##### Coordinated Disclosure Timeline:

Description| Value  
---|---  
Vulnerability submitted via Open Bug Bounty| 5 July, 2017 12:43 GMT  
Vulnerability existence verified and confirmed| 6 July, 2017 06:24 GMT  
Generic security notifications sent to website owner| 6 July, 2017 06:24 GMT  
Notification sent to subscribers (without technical details)| 6 July, 2017 10:17 GMT  
Vulnerability details disclosed by researcher| 17 August, 2017 07:18 GMT